On Tue, Nov 29, 2016 at 02:14:43PM +0000, Garfinkel, Simson L. (Fed) wrote:
> Thanks for your email. Much of the DANE-related work that I've been doing
> at NIST is focused on the enterprise of the US Government. However you
> are correct, the DANE protocols could also be used to enable interoperable
> e2e email security for consumers. Thanks for the reminder.

It would be nice to see a few "real" .gov domains with TLSA records
for SMTP. At present only dnsops.gov seems to have TLSA records, and
ironically with a WoSign/StartCom certificate...

--
    Viktor.

dnsops.gov. IN MX 10 monitor.dnsops.gov.
dnsops.gov. IN MX 10 snip1v6.dnsops.gov.
_25._tcp.monitor.dnsops.gov. IN TLSA 3 0 1 1d97435ab70152d4de428f9a24f36e80dc1d455dee183505a61be02553ff4f1c ; passed
_25._tcp.snip1v6.dnsops.gov. IN TLSA 3 0 1 1d97435ab70152d4de428f9a24f36e80dc1d455dee183505a61be02553ff4f1c ; ?
snip1v6.dnsops.gov. IN AAAA 2610:20:6005:100:0:0:0:203 ; Connection refused

  Subject = CN=monitor.dnsops.gov,C=US
  Issuer = CN=StartCom Class 1 DV Server CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL
  Inception = 2016-10-12T17:02:00Z
  Expiration = 2019-10-12T17:02:00Z
  DNS = monitor.dnsops.gov
  _25._tcp.monitor.dnsops.gov. IN TLSA 3 1 1 d46a41adc0402b80e5706f32bc4ad4cbe30f25a73b54c54b427378a6375e5ad5
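
Added example, not part of the original message: a small parser and matcher for TLSA records like the ones listed above, showing how "3 0 1" (full certificate) and "3 1 1" (public key) association data are derived and why only the latter keeps matching when a certificate is reissued with the same key. The certificate and key bytes and the mx.example owner name are constructed stand-ins, not the dnsops.gov certificate.

```python
import hashlib
import hmac
from typing import NamedTuple

class TLSA(NamedTuple):
    owner: str
    usage: int     # 3 = DANE-EE: match the server's own certificate, issuer not consulted
    selector: int  # 0 = whole certificate DER, 1 = SubjectPublicKeyInfo DER
    mtype: int     # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

def parse_tlsa(line: str) -> TLSA:
    """Parse 'owner [ttl] [IN] TLSA usage selector mtype hex... [; comment]'."""
    fields = line.split(";", 1)[0].split()
    i = fields.index("TLSA")
    usage, selector, mtype = (int(f) for f in fields[i + 1:i + 4])
    # The hex field may be split across several whitespace-separated chunks.
    return TLSA(fields[0].lower(), usage, selector, mtype,
                bytes.fromhex("".join(fields[i + 4:])))

def association_data(selector: int, mtype: int, cert_der: bytes, spki_der: bytes) -> bytes:
    """Compute the bytes a TLSA record with this selector/matching type must carry."""
    selected = {0: cert_der, 1: spki_der}[selector]
    if mtype == 0:
        return selected
    return {1: hashlib.sha256, 2: hashlib.sha512}[mtype](selected).digest()

def matches(rr: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """True if the presented certificate satisfies the record; unknown codes never match."""
    try:
        expected = association_data(rr.selector, rr.mtype, cert_der, spki_der)
    except KeyError:
        return False
    return hmac.compare_digest(rr.data, expected)

def make_rr(owner: str, selector: int, cert_der: bytes, spki_der: bytes) -> str:
    """Render a DANE-EE SHA-256 record for the given certificate."""
    digest = association_data(selector, 1, cert_der, spki_der).hex()
    return f"{owner} IN TLSA 3 {selector} 1 {digest}"

# Record copied from the message above.
PUBLISHED = parse_tlsa("_25._tcp.monitor.dnsops.gov. IN TLSA 3 0 1 "
    "1d97435ab70152d4de428f9a24f36e80dc1d455dee183505a61be02553ff4f1c ; passed")

# Constructed stand-ins for DER bytes (not the real dnsops.gov certificate).
SPKI = b"constructed-spki"
CERT_OLD = b"constructed-cert-2016|" + SPKI
CERT_NEW = b"constructed-cert-reissued|" + SPKI  # same key, new certificate
RR_CERT = parse_tlsa(make_rr("_25._tcp.mx.example.", 0, CERT_OLD, SPKI))
RR_SPKI = parse_tlsa(make_rr("_25._tcp.mx.example.", 1, CERT_OLD, SPKI))
```

For a real server, the two inputs are the DER encoding of the presented certificate and of its SubjectPublicKeyInfo, for instance from `openssl x509 -outform DER` and `openssl x509 -pubkey -noout | openssl pkey -pubin -outform DER`.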