On Mon, May 05, 2014 at 10:15:11PM -0700, [email protected] wrote:
> Title : SMTP security via opportunistic DANE TLS
> Authors : Viktor Dukhovni
> Wes Hardaker
> Filename : draft-ietf-dane-smtp-with-dane-09.txt
> Pages : 34
> Date : 2014-05-05

Changes from -08:

- Document organization feedback from Olafur. Some long sections
  broken up into smaller pieces, and some sub-sections promoted to
  top-level sections.

- SMTP clients MAY elect to make use of TLSA records after "insecure"
  MX redirection, but MUST NOT misrepresent this as secure delivery.

- Server logs SHOULD show the original (not CNAME expanded) MX hostname
  when the MX RRset is "insecure". Otherwise, redirection leading
  to downgrades may not be "tamper-evident".

- SMTP clients MAY elect to make use of "insecure" TLSA records (typically
  resulting from "insecure" CNAME indirection from
  _port._tcp.<servername>, as the zone containing <servername> is
  always signed when TLSA records are requested). Again, MUST NOT
  misrepresent resulting security.

- Routine corrections already discussed, based on Tom Ritter's feedback.

--
Viktor.