Sorry, just reading the SMIMEA stuff for the first time, so apologies for the basic question, but do I really have to publish a record for each address? How would I say "this is a trusted intermediate CA for *@gmail.com"?

2014-12-11 17:00 GMT-08:00 Mark Andrews <[email protected]>:

> In message <[email protected]>, Viktor Dukhovni writes:
> > On Fri, Dec 12, 2014 at 11:41:30AM +1100, Mark Andrews wrote:
> >
> > > > If we're really going to do this as a direct query to the remote
> > > > domain (and not a DNSSEC lookup), perhaps the right application
> > > > protocol is some sort of minimal SMTP over SSL on a port indicated
> > > > by the SRV record:
> > > >
> > > > <tcp connect>
> > > > C/S: <TLS handshake>
> > > > C: SMIMEA "Frank.Jr."@example.com
> > > > S: 250-3 1 1 <blob1>
> > > > S: 250 3 1 2 <blob2>
> > > > <TCP disconnect>
> > >
> > > But not port 25. That is blocked too often.
> >
> > Absolutely, this would be an additional service on some other port,
> > indicated via SRV records, and authenticated via DANE TLSA records.
> >
> > The downside of something other than HTTPS or DNS, is that while
> > less likely to be blocked for anti-spam reasons, this is likely to
> > be inaccessible to MUAs inside various firewalled environments.
> >
> > Perhaps a sufficiently light-weight http encapsulation is right
> > after all, and MTA authors might be able to implement just enough
> > HTTPS to still support this as an MTA feature.
> >
> > In Postfix this would be a separate program that runs out of
> > "master.cf", but uses the Postfix table facilities to get the data
> > out of any supported datastore (including LDAP!).
> >
> > This however takes far away from any similarity to the SMIMEA draft
> > as it is today. Is it really time to throw it all away and start
> > again?
>
> Yes. It's just a pity it has taken so long for others to realise this.
>
> > --
> > Viktor.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: [email protected]

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
