It appears that Tom Ivar Helbekkmo via mailop <t...@hamartun.priv.no> said:
>Tobias Fiebig <tob...@fiebig.nl> writes:
>
>> I share your sentiment. I am not a fan of MTA-STS, and honestly not
>> really sure which problem it solves.
>
>I'm reasonably sure. The problem is: "people are starting to want DANE,
>which means we need to implement DNSSEC, which will cost us money, so we
>need to design an inferior mechanism that won't cost us anything, but
>will fool people into thinking it's close enough to the real thing".

I realize conspiracy theories are fun, but I actually talked to the people who designed MTA-STS at the time they were developing it. Google people did the largest amount of work, and they told me that they didn't (and still don't) do DNSSEC because too much stuff other places would break. Their DNS infrastructure is quite able to handle DNSSEC, but they believed that it would be too long until DNSSEC and DANE would work reliably so MTA-STS was the kludge in the meantime.

Clearly opinions can vary. Comcast's mail system is pretty big, and they do use DNSSEC and DANE.

R's,
John