Patrick Ben Koetter via Postfix-users <[email protected]> writes:
> Greetings! > > Our this year's Christmas gift to the community is a service that let’s you > monitor and detect typical DANE related problems for DANE-enabled inbound SMTP > services. You can integrate the service in your own service environment or run > it as a docker container and poll it for test results from a monitoring > service. > > ## Why? > We believe every platform should enable and use DANE. DANE is the missing > piece in TLS or as Wietse once put it: „Encryption without authentication is > not > 'security'. It just gives some privacy.“ DANE adds the missing authentication > bit. But DANE enforces strict policy and if your platform fails inbound > DANE-verification you will not receive email from those platforms that enforce > outbound DANE-verification. A failing DANE policy imposes a production risk. > > ## Why would your platform fail DANE verification? >>From discussions with Viktor about the statistics he generates at > <https://stats.dnssec-tools.org/#/> we know that in most cases, when > DANE-enabled platforms fail DANE-verification, it is because the published > TLSA resource record(s) in DNS do not match one of the x509 certificate's > fingerprint. > > We want everybody to benefit from the security DANE adds to TLS and not have > people look at it as a production risk! This is why we built the SMTP DANE > Verify service. It will test and detect common DANE policy problems. Using > SMTP DANE Verify everybody will be able to monitor their own (and other) > domains and raise an alarm in case the tested domain fails DANE verification. > > ## How would you use SMTP DANE Verify? > If you think SMTP DANE Verify is for you check out the project at > <https://github.com/sys4/smtp-dane-verify>. The project's README should give > you > all the information you need to setup, run and integrate SMTP DANE Verify on > your platform. > > On a sidenote: In case you are still in doubt if anyone should be using DANE > at > all: the EU has launched a Multi-Stakeholder Working Group for Internet > Standards in the EU and DANE is a major item on the groups roadmap. Follow > this > link to read more: > <https://digital-strategy.ec.europa.eu/en/news/european-commission-seeks-participants-multi-stakeholder-forum-internet-standards-deployment-0> > > And that's it! We hope you will find it as useful as we do. Season greetings > to all of you. Peace on earth to all of us. o:) > > p@rick Hellow Patrick, Also i am using DANE, so i appreciate your hard work. Happy Christmas! Sincerely, -- ^고맙습니다 _布德天下_ 감사합니다_^))//
signature.asc
Description: PGP signature
_______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
