I'd totally missed the opportunity to use the CNAME for the TXT record as
well. Different people will have different things they're worried about,
but for me being able to:
DNS:
example.com. IN MX 0 mx1.provider.net.
example.com. IN MX 0 mx2.provider.net.
_mta-sts.example.com. IN CNAME _mta-sts.provider.net.
mta-sts.example.com. IN CNAME mta-sts.provider.net.
would work fine, and be much simpler than setting up an mta-sts host.
David
On Tue, Sep 5, 2017 at 7:04 PM, Daniel Margolis <[email protected]>
wrote:
> I had it in my head that a CNAME could only point to an A or AAAA, but I
> can't find anything like that in the RFC at a quick glance, so perhaps I
> made that up.
>
> But it sounds like you'd still prefer 302s rather than SNI (i.e. rather
> than having the mta-sts.example.com host record point to provider.net and
> have them have an HTTPS cert for that identity). Which isn't unreasonable,
> I think; people may not have a "policy.example.com"-only certificate
> and/or may not want to give one to the provider and/or the provider may not
> want to do SNI for all their customers.
>
> Any other opinions on this? I think it is relatively easy to switch both
> the text and the code to support redirects, so I don't have a strong
> feeling myself.
>
> On Tue, Sep 5, 2017 at 6:03 PM, Viktor Dukhovni <[email protected]>
> wrote:
>
>>
>> > On Sep 5, 2017, at 10:51 AM, Brotman, Alexander <
>> [email protected]> wrote:
>> >
>> > Quick conversation with some DNS folks, and they say that we can
>> publish a TXT record at the apex of a delegated sub-domain. CNAMEs would
>> not be allowed, but A/TXT should be okay.
>>
>> DNS delegation is much too complex for this purpose. Far simpler:
>>
>> DNS:
>> example.com. IN MX 0 mx1.provider.net.
>> example.com. IN MX 0 mx2.provider.net.
>> _mta-sts.example.com. IN CNAME _mta-sts.provider.net.
>>
>> HTTP:
>> C: GET https://mta-sts.example.com/.well-known/mta-sts.txt HTTP/1.1
>> C: Host: mta-sts.example.com
>>
>> S: 302 Get thee to a punnery
>> Location: https://mta-sts.provider.net/.well-known/mta-sts.txt
>>
>> --
>> Viktor.
>>
>> _______________________________________________
>> Uta mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/uta
>>
>
>
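The two deployment shapes sketched above (Viktor's redirecting mta-sts host, and David's variant that CNAMEs the policy host to the provider as well), worked through as an added example that is not code from the thread, from the UTA working group, or from any MTA-STS implementation. Everything is simulated in-process so it runs offline: the zone data, the HTTPS servers, the certificate names they hold, the IP addresses, the policy id and the policy text are constructed here, and the `follow_redirects` switch stands in for the draft-text decision the messages are debating.

```python
"""Simulated MTA-STS policy discovery for a domain whose mail a provider hosts.
Added example, not code from the thread: DNS data, servers, certificate names,
IPs and the policy id are constructed inline so the script runs offline."""
import re
from urllib.parse import urlsplit

POLICY_TEXT = "version: STSv1\nmode: enforce\nmx: mx1.provider.net\nmx: mx2.provider.net\nmax_age: 604800\n"
PROVIDER_URL = "https://mta-sts.provider.net/.well-known/mta-sts.txt"
BASE_DNS = {  # what every variant shares: MX at the provider, TXT handed over by CNAME
    ("example.com.", "MX"): ["0 mx1.provider.net.", "0 mx2.provider.net."],
    ("_mta-sts.example.com.", "CNAME"): ["_mta-sts.provider.net."],
    ("_mta-sts.provider.net.", "TXT"): ["v=STSv1; id=20170905190400Z;"],
    ("mta-sts.provider.net.", "A"): ["192.0.2.10"],
}

def resolve(dns, name, rrtype, _depth=0):
    """Stub resolver: RDATA strings for (name, rrtype), chasing CNAMEs like a real one."""
    if _depth > 8:
        raise LookupError("CNAME chain too long")
    if (name, rrtype) in dns:
        return dns[(name, rrtype)]
    target = dns.get((name, "CNAME"))
    return resolve(dns, target[0], rrtype, _depth + 1) if target else []

class Server:
    """An HTTPS host: the names its certificate covers, plus a policy or a redirect."""
    def __init__(self, cert_names, policy=None, redirect_to=None):
        self.cert_names, self.policy, self.redirect_to = set(cert_names), policy, redirect_to

def https_get(deploy, url):
    """Simulated TLS + HTTP GET: resolve the host, require a cert for that name, serve."""
    dns, servers = deploy
    host = urlsplit(url).hostname
    addrs = resolve(dns, host + ".", "A")
    if not addrs:
        raise ConnectionError(f"no address for {host}")
    server = servers[addrs[0]]
    if host not in server.cert_names:  # the check a real TLS client performs on the SNI name
        raise ConnectionError(f"certificate does not cover {host}")
    if server.redirect_to:
        return 302, {"Location": server.redirect_to}, ""
    return 200, {}, server.policy

def parse_policy(text):
    """Parse the key: value policy file; 'mx' may repeat, other keys are single-valued."""
    policy = {"mx": []}
    for line in filter(str.strip, text.splitlines()):
        key, _, value = line.partition(":")
        if key.strip() == "mx":
            policy["mx"].append(value.strip())
        else:
            policy[key.strip()] = value.strip()
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("malformed policy")
    return policy

def mx_allowed(policy, mx_host):
    """'*.provider.net' matches exactly one extra label; other entries must match exactly."""
    return any(mx_host == p or (p.startswith("*.") and mx_host.endswith(p[1:])
                                and "." not in mx_host[:-len(p) + 1]) for p in policy["mx"])

def fetch_policy(deploy, domain, follow_redirects):
    """TXT discovery, then the HTTPS fetch; returns (id, policy), or None when no record exists."""
    records = [t for t in resolve(deploy[0], f"_mta-sts.{domain}.", "TXT") if t.startswith("v=STSv1")]
    if len(records) != 1:
        return None
    policy_id = re.search(r"\bid=([^;\s]+)", records[0]).group(1)
    url = f"https://mta-sts.{domain}/.well-known/mta-sts.txt"
    for _ in range(2):  # at most one hop, and only when redirects are allowed at all
        status, headers, body = https_get(deploy, url)
        if status == 200:
            return policy_id, parse_policy(body)
        if not (status == 302 and follow_redirects and "Location" in headers):
            raise RuntimeError(f"policy fetch failed with HTTP {status}")
        url = headers["Location"]
    raise RuntimeError("too many redirects")

def check_domain(deploy, domain, follow_redirects):
    """What a sending MTA concludes: the policy mode and which MX hosts it permits."""
    try:
        found = fetch_policy(deploy, domain, follow_redirects)
    except (ConnectionError, RuntimeError, ValueError) as exc:
        return {"status": "error", "reason": str(exc)}
    if found is None:
        return {"status": "no-policy"}
    policy_id, policy = found
    mxs = [rr.split()[1].rstrip(".") for rr in resolve(deploy[0], domain + ".", "MX")]
    return {"status": policy["mode"], "id": policy_id, "mx": {mx: mx_allowed(policy, mx) for mx in mxs}}

# Viktor's sketch: example.com runs a tiny HTTPS host whose only job is the 302.
REDIRECT = ({**BASE_DNS, ("mta-sts.example.com.", "A"): ["192.0.2.20"]},
            {"192.0.2.20": Server({"mta-sts.example.com"}, redirect_to=PROVIDER_URL),
             "192.0.2.10": Server({"mta-sts.provider.net"}, policy=POLICY_TEXT)})
# David's variant: CNAME the policy host too, so the provider must present a cert for
# mta-sts.example.com via SNI (the reservation Daniel raises).
CNAME_SNI = ({**BASE_DNS, ("mta-sts.example.com.", "CNAME"): ["mta-sts.provider.net."]},
             {"192.0.2.10": Server({"mta-sts.provider.net", "mta-sts.example.com"}, policy=POLICY_TEXT)})
# Same CNAME, but the provider holds only its own certificate: the TLS check fails.
CNAME_NO_SNI = (CNAME_SNI[0], {"192.0.2.10": Server({"mta-sts.provider.net"}, policy=POLICY_TEXT)})
```

`check_domain(REDIRECT, "example.com", True)` and `check_domain(CNAME_SNI, "example.com", False)` both end in an enforce-mode policy that permits mx1 and mx2; `check_domain(REDIRECT, "example.com", False)` stops at the 302, and `CNAME_NO_SNI` fails at the certificate check before any HTTP is exchanged, which is exactly the operational cost Daniel describes for the SNI route. Two caveats for anyone reading this thread today: the MTA-STS specification as published (RFC 8461, section 3.3) says HTTP 3xx redirects MUST NOT be followed, so of the two shapes only the CNAME-plus-provider-certificate one (the `follow_redirects=False` path) is valid against the final text; and CNAMEing `_mta-sts` means the provider owns the policy `id` for every delegating domain, so one id bump at the provider is what tells senders to refetch for all of them.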