2008-10-25 05:02:23

John C Klensin wrote:
> --On Friday, 24 October, 2008 17:22 +0100 Tony Finch wrote:
>> However I don't know how to address its weaknesses for
>> inter-domain relaying via MX records.
>
> Of course, this is another area in which a functional DNSSEC,
> with signature verification by the SMTP clients, would make some
> of us sleep a lot more soundly.  But that is not specifically a
> TLS problem.

Perhaps some black magic stems from associating certificate validation with authority acceptance. It is also a non-TLS-specific problem, but it may be helpful to clarify the relationship between DNS hierarchical delegations and CA chains. To wit, if a CA certificate were assigned along with each domain delegation, then we would need no black magic.

BTW, why don't we write the IP number on our server certificates?

