On 16-04-18 21:39, Brandon Long via mailop wrote:

I think this is an interesting stance, and I'm sure you've heard the objections to this before. You don't have to trust every CA, you certainly don't need to trust every CA for every host, and there are other tools to be used here such as cert

Also, maybe at some point the popular DNS providers will have point & click and DANE configuration, until then, I believe it's much easier for end users to use MTA-STS. Note that at our last look, none of the popular providers allowed users to specify a TXT record large enough for a 2k DKIM key, for example.

Here in the Netherlands many if not most providers offer DNSSEC for their customers, and most of those who do offer a web-based management interface to add TLSA records. The .nl zone is the fourth largest ccTLD with over 5.5 million registered domain names [1] and some 50 percent of them are DNSSEC secured.


[1] https://stats.sidnlabs.nl/#/home

