On Sun, Aug 23, 2015 at 09:07:10PM +0200, Patrik F?ltstr?m wrote:
> What I think I see in the draft is that "DANE and SMTP" is either "on" or
> "off", and I want more shades of gray.
>
> 1. Unsigned MX, Unsigned A/AAAA, not using TLS at all
No, this correctly uses opportunistic *unauthenticated* TLS, and
the certificate is irrelevant.
> 4. Unsigned MX, Signed A/AAAA, TLS used with cert signed by CA (i.e. trusted
> cert)
This is useless, without per-destination static configuration.
> 5. Unsigned MX, Signed A/AAAA, TLS used with cert validated with signed TLSA
> (i.e. trusted cert)
This does not provide adequate MiTM protection, but the draft does
not rule out clients that might do this, rather it does not specify
use of DANE for this case. If enough users want this, such features
could be added to Postfix. The delivery is not immune to active
attacks, but arguably somewhat stronger than ignoring such TLSA
RRs.
The primary use-case would be a provider that is MX hosting lots
of domains, many of which are not DNSSEC signed, but the MX hosts
are.
> 6. Signed MX, Signed A/AAAA, TLS used with cert validated with signed TLSA
The draft (soon to be RFC) is about case 6.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
