Hello,

> Since I have never been in the camp of believing that the email matching
> problem has been solved

Time will tell, but I think we are on a good path. Regarding S/MIME: looks like Mozilla "fixed" it (after some RFC discussions) to case insensitive matching in 2002:
https://bugzilla.mozilla.org/show_bug.cgi?id=130692

But regarding your actual concern:

> capabilities of an S/MIME client for encryption to be obtained as part of
> this query?

This is out of the scope of this proposal. Even without DANE you could want to send a mail to someone without having received a signed mail from him before. As well as you can and would and should use DANE key lookup also WHEN replying to a signed mail.

> it is possible to put them into a certificate (RFC 4262) but this has
> problems when they change (you need to get a new certificate)

Still RFC4262 is the RFC to address this problem. Not our key lookup. Of course it would be possible to add some information about that also into the DNS - but that would be a third way to publish this information without any need. Publishing a new cert in DNS isn't a real problem and CAs (if you for some reason want your cert signed) might even offer free resigning if only RFC4262 info is changed in the future.

It's good you brought this up but I don't see a real problem here to be solved in the draft...

Greetings,
Florian
--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleissheimer Strasse 26/MG, 80333 Muenchen

Sitz der Gesellschaft: Muenchen, Amtsgericht Muenchen: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
