> I'm OK with sections 4.1 and 6 from your I-D, provided that MUAs that
> implement either MUST implement both.  This leaves the choice to mail
> domains, and it addresses the scalability issues discussed.

You'll notice that my draft says its intended status is experimental. We really need some experience with this stuff before we try to cast it in stone. I know of at least two projects to do SMIMEA support in an MUA, so with any luck we can find out how it works reasonably soon.

> I would add that the URI RRs for section 6 should be signed, that
> clients must validate them with DNSSEC, that the URIs must be HTTPS
> URIs, and that the authority of each such URI SHOULD (MUST?) have TLSA
> RRs.

Well, sure.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
