On Mon, 24 Aug 2015, Viktor Dukhovni wrote:

>> I want the validation of the cert used for the TLS connection to use the
>> same rules for trust regardless of whether DANE is used (i.e. signed and
>> properly validated TLSA record for the peer) or if X.509 cert/PKI from
>> some CA is in use.
>
> What rules would that be?  Without DANE or local configuration,
> SMTP does no authentication of the peer, for reasons explained in
> Section 1.3 of the draft, that we don't need to repeat.

>> Exactly.
>>
>> 1.1 Unsigned MX
>> 1.2 cert validated from some CA that is trusted
>
> No.  Non-DANE SMTP does unauthenticated TLS, and the cert is ignored,
> whether its trust chain verifies or not.

I think what Patrik is asking for is that if the target MX hostname is
signed and has a TLSA record, why not validate that, and not use it
for mail delivery if the TLSA record fails? The logs would still NOT
say that the mail was delivered securely, because it was not, as the MX
record itself was not secure.

I can't see a reason why not to do that, although I can also see why
implementations wouldn't care about this case and just skip all
certificate validation.

Paul
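To make the two positions in this exchange concrete, the following is an added Python example, not code from the thread or from any DANE implementation. It models the default behaviour Viktor describes (an insecure MX RRset means the certificate is ignored) beside Paul's proposal (a DNSSEC-secure TLSA RRset at the MX host is still checked, failure blocks delivery, but the delivery is never logged as secure). It assumes a simplified TLSA check against the presented leaf data only and uses constructed sample bytes in place of a real certificate.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class TLSA:
    """One TLSA RDATA (RFC 6698): usage, selector, matching type, association data."""
    usage: int     # 2 = DANE-TA, 3 = DANE-EE; PKIX-* usages are not used for SMTP
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # 0 = exact match, 1 = SHA-256, 2 = SHA-512
    data: bytes

def tlsa_matches(rr: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """True if the presented certificate data satisfies this TLSA record.
    Simplified: usage 2 (DANE-TA) is matched against the presented leaf only;
    a real client matches it against an issuer in the verified chain."""
    if rr.usage not in (2, 3) or rr.selector not in (0, 1):
        return False  # unusable record: wrong usage or unknown selector
    target = cert_der if rr.selector == 0 else spki_der
    if rr.mtype == 0:
        return target == rr.data
    if rr.mtype == 1:
        return hashlib.sha256(target).digest() == rr.data
    if rr.mtype == 2:
        return hashlib.sha512(target).digest() == rr.data
    return False  # unknown matching type

def delivery_decision(mx_secure: bool, tlsa_rrset: List[TLSA], tlsa_secure: bool,
                      cert_der: bytes, spki_der: bytes,
                      honour_tlsa_under_insecure_mx: bool = False) -> Tuple[bool, bool]:
    """Return (deliver, log_as_authenticated) for one MX host.
    Default: TLSA is consulted only when both the MX RRset and the TLSA RRset
    are DNSSEC-secure; otherwise TLS is opportunistic and the cert is ignored.
    honour_tlsa_under_insecure_mx=True is Paul's proposal: check a secure TLSA
    RRset even under an unsigned MX RRset, refuse on mismatch, never log as secure."""
    consult_tlsa = (tlsa_secure and bool(tlsa_rrset)
                    and (mx_secure or honour_tlsa_under_insecure_mx))
    if not consult_tlsa:
        return True, False       # opportunistic TLS, certificate ignored
    if not any(tlsa_matches(rr, cert_der, spki_der) for rr in tlsa_rrset):
        return False, False      # TLSA check failed: do not deliver to this host
    return True, mx_secure       # authenticated only if MX and TLSA were both secure

# Constructed sample data (not a real certificate). The DANE-EE(3) SPKI(1)
# SHA-256(1) record is the form most SMTP deployments publish.
SAMPLE_CERT = b"constructed-cert-der"
SAMPLE_SPKI = b"constructed-spki-der"
SAMPLE_TLSA = [TLSA(3, 1, 1, hashlib.sha256(SAMPLE_SPKI).digest())]
```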

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
