On Fri, Mar 13, 2015 at 07:25:22PM -0400, James Cloos wrote:
> JL> <hash>._mailbox.domain
>
> I posted in the past that smime and openpgp should use the same _name
> (search the archives for '_at'). I gave up when it got zero traction.

I don't recall seeing this proposal, perhaps it predates my membership
on this list (since ~March 2013).

I like it a lot. The different RRtypes adequately partition the
various records, and a common prefix collates them per user.

> It also would be a good place to look for TLSA RRs for certs supplied
> by tls clients which have mailbox-like names.

Including user-specific TLS certs as TLSA RRs also makes some sense.
I can imagine adding a "check_dane_access" to Postfix that is an
alternative to "check_sasl_access". The authenticated name would
be the envelope sender, and the associated TLSA RRs enable verification
of the presented certificate chain.

--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
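
Added example, not part of the original message and not Postfix code: a sketch of the lookup-and-match step a "check_dane_access"-style check would need, narrowed to end-entity TLSA records (usage 3) over the full certificate. Assumptions: the hash is SHA-256 of the local part truncated to 28 octets (the thread only says "<hash>"), the function names are hypothetical, and the dict stands in for a DNSSEC-validated TLSA lookup.

```python
import hashlib
import hmac

def mailbox_owner_name(address: str, label: str = "_mailbox") -> str:
    """Build <hash>._mailbox.domain for a mailbox-like name.
    ASSUMPTION: hash = hex of SHA-256(local part) truncated to 28 octets."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("not a mailbox-like name")
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{digest}.{label}.{domain.lower().rstrip('.')}."

def tlsa_matches(cert_der: bytes, usage: int, selector: int,
                 mtype: int, data: bytes) -> bool:
    """RFC 6698 matching, limited to usage 3 / selector 0 (full certificate).
    Other usages and selectors need chain building or SPKI parsing."""
    if usage != 3 or selector != 0:
        return False
    if mtype == 0:
        presented = cert_der                            # exact match
    elif mtype == 1:
        presented = hashlib.sha256(cert_der).digest()
    elif mtype == 2:
        presented = hashlib.sha512(cert_der).digest()
    else:
        return False
    return hmac.compare_digest(presented, data)

def check_dane_access(sender: str, cert_der: bytes, validated_rrs: dict) -> bool:
    """Hypothetical check: the envelope sender is the authenticated name only
    if the presented certificate matches a TLSA RR published for that sender.
    No records, or no match, means no access (fail closed)."""
    rrset = validated_rrs.get(mailbox_owner_name(sender), [])
    return any(tlsa_matches(cert_der, *rr) for rr in rrset)

# Constructed sample data: placeholder bytes standing in for DER certificates.
ALICE_CERT = b"constructed-der-bytes-for-alice"
OTHER_CERT = b"constructed-der-bytes-for-someone-else"
# Stand-in for DNSSEC-validated answers: owner name -> TLSA RR tuples.
ZONE = {
    mailbox_owner_name("alice@example.com"):
        [(3, 0, 1, hashlib.sha256(ALICE_CERT).digest())],
}

if __name__ == "__main__":
    print(mailbox_owner_name("alice@example.com"))
    print(check_dane_access("alice@example.com", ALICE_CERT, ZONE))
    print(check_dane_access("alice@example.com", OTHER_CERT, ZONE))
```

The match only means something if the TLSA answers were DNSSEC-validated; an unvalidated answer must be treated the same as no record.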