On Wed, Mar 25, 2015 at 04:32:03PM +0100, Pieter Lexis wrote:
> Disadvantages:
> - MTAs will need to talk HTTPS
> - It's not DANE (more like 'DNS-Assisted')
> - It kind-of defeats the purpose of this WG
> - No NSEC3-like protection from address leakage (see sections 9.2 and
>   9.3 of RFC7033)

No, if you discover the lookup service using DNSSEC and the service's public keys with DANE, then the lookup service is as an extension of the DNS, and it can provide secure non-existence answers.

Nico
