[Top] [All Lists]

Re: draft-fanf-dane-smtp

2012-05-29 21:24:44

Tony Finch wrote:
Hector Santos <hsantos(_at_)isdg(_dot_)net> wrote:
I guess, if anything else, there are two client suggestions to highlight:

  - Automated MTA (router)
  - Interactive MUA smtp client

The draft is for inter-domain SMTP so message submission is out of scope.
I don't think I can make this clearer.


Oh, so that is what you meant by "inter-domain." I am not use to using that term within the confines of mail systems but it fits. Other terms are "routers," "relays," etc or just MTA. I prefer router.

  Inter-domain SMTP:  SMTP between different ADMDs across the public
      Internet, where a client sends mail to a publicly-referenced SMTP

I suggest to add an i.e.

   i.e. a router, relaying MTA, not an MUA with a possible interactive
        CN vs Host domain checking method where the HUMAN is involved.

Anyway, ironically, we are having a related thread now in our support forum regarding a sysop asking about self-signed vs CA signed certs.

My question is:

If the client has to be modified to do this extra TLSA check, then why not just add login to do a CA 3rd party repository? Or support OCSP (Online Certificate Status Protocol) RFC2560?

When change is proposed, then it has to have a payoff. A client trusting a self-signed signature is going to be pre-defined or pre-arranged or known upfront.


<Prev in Thread] Current Thread [Next in Thread>