Re: [dane] UKS attacks on DANE

2016-10-11 Thread Martin Rex
Viktor Dukhovni wrote:
>
> Well, the UKS issue is rather narrowly applicable to special TLS
> applications in which cross-origin concerns apply. That's
> basically just browsers, and browsers are not doing DANE, and
> certainly not DANE-EE(3).
I believe your concept is much too narrow. The

Re: [dane] UKS attacks on DANE

2016-10-11 Thread Martin Thomson
On 10 October 2016 at 20:24, Martin Rex wrote:
> The description of the problem sounds vaguely familiar.
>
> https://www.ietf.org/mail-archive/web/dane/current/msg03737.html
If only they had listened eh? And they went ahead and published anyway. I didn't do a complete search of

Re: [dane] Nudge DANE SMTP adoption at DNSSEC-signed MX hosting providers

2016-10-11 Thread Viktor Dukhovni
On Fri, Aug 26, 2016 at 01:35:52AM +, Viktor Dukhovni wrote:
> Many domain hosting providers that also host the email for the
> customer domains. For a bunch of these providers the MX hosts are
> in a DNSSEC-signed zone, and a non-trivial number of customer MX
> RRsets are also in signed

Re: [dane] UKS attacks on DANE

2016-10-11 Thread Martin Thomson
On 12 October 2016 at 01:45, Martin Rex wrote:
>> Well, the UKS issue is rather narrowly applicable to special TLS
>> applications in which cross-origin concerns apply. That's
>> basically just browsers, and browsers are not doing DANE, and
>> certainly not DANE-EE(3).
>
> I

Re: [dane] UKS attacks on DANE

2016-10-11 Thread Viktor Dukhovni
> On Oct 11, 2016, at 8:31 PM, Martin Thomson wrote:
>
>> I believe your concept is much too narrow.
>
> I tend to agree, though that hinges on your definition of
> "cross-origin". In the web world, that has a very specific meaning.
> What you could say that "if the