Dňa 3. 3. o 10:42 Tom Ivar Helbekkmo via mailop napísal(a):
John Levine via mailop <mailop@mailop.org> writes:
Google people did the largest amount of work, and they told me that
they didn't (and still don't) do DNSSEC because too much stuff other
places would break. Their DNS infrastructure is quite able to handle
DNSSEC, but they believed that it would be too long until DNSSEC and
DANE would work reliably so MTA-STS was the kludge in the meantime.
I don't get it. Surely, things would only "break" where people have
tried to implement these mechanisms, presumably in order to improve
their security, and done it wrong? Those installations are already
broken, but their owners are unaware. If a big player like Google were
to implement DANE support, they would probably notice, and fix their
mistakes. After all, DNSSEC and DANE have worked reliably for a very
long time, but, like most other things, MTA-STS included, they have to
be correctly configured by those who are using them.
In other words, if something can break, one have to fix it, and that fix
costs (money, time, ...), and my are back on "cospiracy theory"... :-P
regards
--
Slavko
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
