In message <[email protected]>, Viktor Dukhovni writes:
> On Fri, Dec 12, 2014 at 11:41:30AM +1100, Mark Andrews wrote:
>
> > > If we're really going to do this as a direct query to the remote
> > > domain (and not a DNSSEC lookup), perhaps the right application
> > > protocol is some sort of minimal SMTP over SSL on a port indicated
> > > by the SRV record:
> > >
> > >     <tcp connect>
> > >     C/S: <TLS handshake>
> > >     C: SMIMEA "Frank.Jr."@example.com
> > >     S: 250-3 1 1 <blob1>
> > >     S: 250 3 1 2 <blob2>
> > >     <TCP disconnect>
> >
> > But not port 25. That is blocked too often.
>
> Absolutely, this would be an additional service on some other port,
> indicated via SRV records, and authenticated via DANE TLSA records.
>
> The downside of something other than HTTPS or DNS, is that while
> less likely to be blocked for anti-spam reasons, this is likely to
> be inaccessible to MUAs inside various firewalled environments.
>
> Perhaps a sufficiently light-weight http encapsulation is right
> after all, and MTA authors might be able to implement just enough
> HTTPS to still support this as an MTA feature.
>
> In Postfix this would be a separate program that runs out of
> "master.cf", but uses the Postfix table facilities to get the data
> out of any supported datastore (including LDAP!).
>
> This however takes far away from any similarity to the SMIMEA draft
> as it is today. Is it really time to throw it all away and start
> again?

Yes. It's just a pity it has taken so long for others to realise this.

> --
> Viktor.
>
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
