Re: draft-fanf-dane-smtp

2012-05-26 04:12:32

On Fri 25/May/2012 19:15:36 +0200 Tony Finch wrote:

I have just submitted an I-D describing how to use DANE with SMTP. All
comments welcome.

Two comments:

I'm not into DANE or DNSSEC, but AIUI there's some over-constraining
in Section 3.  The spec requires that the whole list of MXes is
secure, while it could be enough that the selected record is.  For
example, if a domain sets up a dummy backup MX that should work as a
sort of honeypot, it might want to deliberately omit to add security
features to its setup while still allowing secure mail delivery on
its main MX.

Second, for XXX, I'd suggest updating RFC 5451 and extending it as

