On Tue, Nov 29, 2016 at 02:14:43PM +0000, Garfinkel, Simson L. (Fed) wrote:
> Thanks for your email. Much of the DANE-related work that I�ve been doing
> at NIST is focused on the enterprise of the US Government. However you
> are correct, the DANE protocols could also be used for enable interoperable
> e2e email security for consumers. Thanks for the reminder.
It would be nice to see a few "real" .gov domains with TLSA records
for SMTP. At present only dnsops.gov seems to have TLSA records,
and ironically with a WoSign/StartCom certificate...
--
Viktor.
dnsops.gov. IN MX 10 monitor.dnsops.gov.
dnsops.gov. IN MX 10 snip1v6.dnsops.gov.
_25._tcp.monitor.dnsops.gov. IN TLSA 3 0 1
1d97435ab70152d4de428f9a24f36e80dc1d455dee183505a61be02553ff4f1c ; passed
_25._tcp.snip1v6.dnsops.gov. IN TLSA 3 0 1
1d97435ab70152d4de428f9a24f36e80dc1d455dee183505a61be02553ff4f1c ; ?
snip1v6.dnsops.gov. IN AAAA 2610:20:6005:100:0:0:0:203 ; Connection refused
Subject = CN=monitor.dnsops.gov,C=US
Issuer = CN=StartCom Class 1 DV Server CA,OU=StartCom Certification
Authority,O=StartCom Ltd.,C=IL
Inception = 2016-10-12T17:02:00Z
Expiration = 2019-10-12T17:02:00Z
DNS = monitor.dnsops.gov
_25._tcp.monitor.dnsops.gov. IN TLSA 3 1 1
d46a41adc0402b80e5706f32bc4ad4cbe30f25a73b54c54b427378a6375e5ad5
_______________________________________________
dane mailing list
dane@ietf.org
https://www.ietf.org/mailman/listinfo/dane
