Re: draft-fanf-dane-smtp

2012-05-25 13:56:45

Just read through it. I think the approach is correct, in particular the
choice to put the TLSA at the server host name level rather than the mail
domain level is the correct one. As you explain in Appendix A, this is the
only way it can work given the use of cross-ADMD MXes for things like
secondary service.

You might want to put something in the security considerations section about
the trust involved when you have a signed MX pointing to a secondary outside 
your ADMD.


I have just submitted an I-D describing how to use DANE with SMTP. All
comments welcome.

f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>
Hebrides, Bailey: Northeasterly in Hebrides at first, otherwise southeasterly
4 or 5. Slight or moderate. Fog patches. Moderate, occasionally very poor.

---------- Forwarded message ----------
Date: Fri, 25 May 2012 10:10:23 -0700
From: internet-drafts(_at_)ietf(_dot_)org
To: dot(_at_)dotat(_dot_)at
Subject: New Version Notification for draft-fanf-dane-smtp-00.txt

A new version of I-D, draft-fanf-dane-smtp-00.txt has been successfully 
submitted by Tony Finch and posted to the IETF repository.

Filename:        draft-fanf-dane-smtp
Revision:        00
Title:           Secure inter-domain SMTP with TLS, DNSSEC and TLSA
Creation date:   2012-05-25
WG ID:           Individual Submission
Number of pages: 8

   SMTP supports STARTTLS for inter-domain mail transfer, but it only
   provides very limited security because the server's certificate
   cannot be authenticated.  This memo specifies how TLSA records in the
   DNS can be used for proper MX target server authentication.

The IETF Secretariat
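As an added illustration, not part of this thread or of the draft itself, the following Python sketch models the lookup scheme the reply endorses: TLSA records are keyed by the MX target host name (`_25._tcp.<mx-target>`), so when a signed MX points at a secondary in another ADMD, the record that authenticates that server is published by the secondary's operator, not by the mail domain. The zone table, the domain names `example.com` and `mailhost.example`, and the certificate and SPKI byte strings are all constructed stand-ins; a real client would obtain them from DNSSEC-validated responses and from the TLS handshake. Only the DANE-EE certificate usage (3) is matched here; PKIX chain validation and trust-anchor matching for the other usages are out of scope for this sketch.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSA:
    """One TLSA RDATA as defined in RFC 6698."""
    usage: int      # 3 = DANE-EE; other usages are treated as unusable below
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact match, 1 = SHA-256, 2 = SHA-512
    data: bytes     # certificate association data


# Constructed stand-ins for DER certificates and SPKIs (not real X.509 data).
CERT_A, SPKI_A = b"constructed-der-cert-mx1", b"constructed-spki-mx1"
CERT_B, SPKI_B = b"constructed-der-cert-backup", b"constructed-spki-backup"

# Constructed zone data; every answer is assumed to be DNSSEC-validated.
# The backup MX lives in a different ADMD (mailhost.example), so the TLSA
# record that authenticates it is controlled by that operator's zone.
DNS = {
    "example.com.": {
        "MX": [(10, "mx1.example.com."), (20, "backup.mailhost.example.")],
    },
    "_25._tcp.mx1.example.com.": {
        "TLSA": [TLSA(3, 1, 1, hashlib.sha256(SPKI_A).digest())],
    },
    "_25._tcp.backup.mailhost.example.": {
        "TLSA": [TLSA(3, 0, 1, hashlib.sha256(CERT_B).digest())],
    },
}


def tlsa_owner_name(mx_target, port=25):
    """TLSA owner name for an MX target host: _port._tcp.host (RFC 6698)."""
    return f"_{port}._tcp.{mx_target.rstrip('.').lower()}."


def tlsa_records_for(mx_target):
    """TLSA RRset for the MX target, or an empty list if none is published."""
    return DNS.get(tlsa_owner_name(mx_target), {}).get("TLSA", [])


def tlsa_matches(rec, cert_der, spki_der):
    """Match one TLSA record against the certificate presented by the server."""
    if rec.usage != 3:          # only DANE-EE is handled in this sketch
        return False
    if rec.selector == 0:
        selected = cert_der
    elif rec.selector == 1:
        selected = spki_der
    else:
        return False            # unknown selector: unusable record
    if rec.mtype == 0:
        return selected == rec.data
    if rec.mtype == 1:
        return hashlib.sha256(selected).digest() == rec.data
    if rec.mtype == 2:
        return hashlib.sha512(selected).digest() == rec.data
    return False                # unknown matching type: unusable record


def verify_server(mx_target, cert_der, spki_der):
    """True if the presented certificate matches any usable TLSA record."""
    return any(tlsa_matches(r, cert_der, spki_der)
               for r in tlsa_records_for(mx_target))


def external_mx_targets(mail_domain):
    """MX targets outside the mail domain's own namespace, in preference order.

    These are the hosts whose TLSA records (and therefore whose authenticated
    identity) depend on another operator's signed zone, which is the trust
    relationship the reply suggests calling out in Security Considerations.
    """
    mail_domain = mail_domain.rstrip(".").lower() + "."
    targets = [t for _, t in sorted(DNS[mail_domain]["MX"])]
    return [t for t in targets
            if t.lower() != mail_domain
            and not t.lower().endswith("." + mail_domain)]


if __name__ == "__main__":
    for _, target in sorted(DNS["example.com."]["MX"]):
        print(target, "->", tlsa_owner_name(target))
    print("external secondaries:", external_mx_targets("example.com"))
    print("mx1 presents its own cert:", verify_server("mx1.example.com", CERT_A, SPKI_A))
    print("mx1 presents backup's cert:", verify_server("mx1.example.com", CERT_B, SPKI_B))
```

Running the script lists the TLSA owner name derived from each MX target, flags `backup.mailhost.example.` as the one secondary whose record lives outside `example.com`, and shows that a certificate published for one MX host does not authenticate another.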