> > On 1 May 2016, at 11:29, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> >
> > Wouldn't the same argument tend to indicate SRV or a sub-domain are
> > as troublesome, given in many enterprises, mail and DNS can be in
> > different silos? After all, isn't that the core of the stated argument
> > for not doing DANE/DNSSEC? While putting up a sub-domain or an SRV
> > might be easier than signing the DNS, putting up a .well-known also
> > isn't hard.
> In my experience with large service providers, the mail team are often
> responsible for DNS, or if not, then at least close to the DNS team. Not so
> with the web team, which (again in my experience) is typically in a completely
> different part of the organisation.
The fact that operational changes to the DNS are likely to be needed on
a regular basis by any large email deployment more or less insures this
is the case.
Of course this doesn't translate to DNSSEC magically deploying when needed.
Web services, OTOH, only intersect with webmail, and since that's usually
delivered by a separate application-specific infrastructure, the intersection
may be limited to getting the necessary certificates. And DNS names, of course.
Ned
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
