Just attended ICANN-47 Durban. In the DNSSEC workshop, DANE was discussed, along with using DANE with SMTP.
http://durban47.icann.org/meetings/durban2013/presentation-dnssec-dane-smtp-17jul13-en.pdf So as I understand this, if there is an appropriate TLSA record (all nice and DNSSEC secure) for an SMTP server, one could then "encourage" the use of TLS connections to that server??? Maybe the destination server looks back to see who is talking to it, also does a check for a TLSA record and can therefore conclude "Hey... I see we both do TLS, so I'll only accept TLS from you"... I heard that some other popular MTA's are already developing support for TLSA records. Just wondering if Exim development is going there too. -- . . ___. .__ Posix Systems - (South) Africa /| /| / /__ [email protected] - Mark J Elkins, Cisco CCIE / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
smime.p7s
Description: S/MIME cryptographic signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
