On Fri, Dec 12, 2014 at 11:41:30AM +1100, Mark Andrews wrote:
> > If we're really going to do this as a direct query to the remote
> > domain (and not a DNSSEC lookup), perhaps the right application
> > protocol is some sort of minimal SMTP over SSL on a port indicated
> > by the SRV record:
> >
> > <tcp connect>
> > C/S: <TLS handshake>
> > C: SMIMEA "Frank.Jr."@example.com
> > S: 250-3 1 1 <blob1>
> > S: 250 3 1 2 <blob2>
> > <TCP disconnect>
>
> But not port 25. That is blocked too often.
Absolutely, this would be an additional service on some other port,
indicated via SRV records, and authenticated via DANE TLSA records.
The downside of something other than HTTPS or DNS, is that while
less likely to be blocked for anti-spam reasons, this is likely to
be inaccessible to MUAs inside various firewalled environments.
Perhaps a sufficiently light-weight http encapsulation is right
after all, and MTA authors might be able to implement just enough
HTTPS to still support this as an MTA feature.
In Postfix this would be a separate program that runs out of
"master.cf", but uses the Postfix table facilities to get the data
out of any supported datastore (including LDAP!).
This however takes far away from any similarity to the SMIMEA draft
as it is today. Is it really time to throw it all away and start
again?
--
Viktor.
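To make the sketched exchange concrete, here is an added example (not code from the thread, Postfix, or the SMIMEA draft) that builds the client query and parses the multi-line `250` reply quoted above into usage/selector/matching-type records, applying the TLSA-style digest-length checks a receiving MUA or MTA would want before trusting the data. The `SMIMEA` verb and the `250-`/`250 ` continuation syntax come from the quoted sketch; that the blob is hex, and the field ranges, are assumptions.

```python
"""Parse the sketched 'SMIMEA <address>' query and its 250-style reply."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SmimeaRecord:
    usage: int          # 0..3, as in TLSA/SMIMEA certificate usage
    selector: int       # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int  # 0 = exact data, 1 = SHA-256, 2 = SHA-512
    data: bytes


# Digest lengths a verifier must enforce; a wrong length is a malformed record.
_DIGEST_LEN = {1: 32, 2: 64}

# "250-" marks a continuation line, "250 " (space) the final line (SMTP convention).
_LINE_RE = re.compile(r"^250([- ])(\d+) (\d+) (\d+) ([0-9A-Fa-f]+)$")


def build_query(address: str) -> str:
    """Build the hypothetical query line; the address is sent verbatim."""
    if "\r" in address or "\n" in address:
        raise ValueError("address must be a single line")  # no line injection
    return f"SMIMEA {address}\r\n"


def parse_reply(lines):
    """Turn reply lines into SmimeaRecord objects, rejecting malformed replies."""
    records, finished = [], False
    for raw in lines:
        if finished:
            raise ValueError("data after final '250 ' line")
        line = raw.rstrip("\r\n")
        m = _LINE_RE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        sep, usage, selector, mtype, hexdata = m.groups()
        usage, selector, mtype = int(usage), int(selector), int(mtype)
        if usage > 3 or selector > 1 or mtype > 2:
            raise ValueError(f"unknown usage/selector/matching type: {line!r}")
        data = bytes.fromhex(hexdata)  # raises on odd-length hex
        expected = _DIGEST_LEN.get(mtype)
        if expected is not None and len(data) != expected:
            raise ValueError(f"matching type {mtype} needs {expected} bytes")
        records.append(SmimeaRecord(usage, selector, mtype, data))
        finished = sep == " "
    if not finished:
        raise ValueError("reply ended without a final '250 ' line")
    return records


# Constructed sample reply mirroring the quoted exchange (blobs are placeholder digests).
SAMPLE_REPLY = ["250-3 1 1 " + "ab" * 32 + "\r\n", "250 3 1 2 " + "cd" * 64 + "\r\n"]
```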
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane