[Top] [All Lists]

Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning)

2014-06-16 12:30:45
On Mon, Jun 16, 2014, Tony Finch wrote:

Can't do DANE without DNSSEC. Yes there's a chicken-and-egg problem, so

Well, not according to the RFC.
However, it seems it should be possible to use the DNS records
(without DNSSEC) as additional check if so desired. Whether that
offers any value is of course a different question.

ietf-smtp mailing list