Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning)

ietf-smtp

Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning)

2014-06-16 14:07:58

PS:

The next problem with DANE is that it requires users to have an updated
enough DNS server/client that provides tools for the new RR-Type, as
opposed to the "overload the TXT record" mechanism that has been popular in
the email world recently.  I know our code hasn't added support yet, though
it looks like its in recent BIND implementations. ...


BIND and NSD have supported TLSA since 2012, and any reasonably recent DNS
cache should handle TLSA since it doesn't have any special semantics.  The
problem is more likely to be the web crudware that people use to provision
their DNS zones.

R's,
John

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-smtp] certificate pinning, (continued) Re: [ietf-smtp] certificate pinning, Tony Finch Re: [ietf-smtp] certificate pinning, Evert Mouw Re: [ietf-smtp] certificate pinning, Peter Bowen Re: [ietf-smtp] certificate pinning, Evert Mouw Re: [ietf-smtp] certificate pinning, Peter Bowen Re: [ietf-smtp] certificate pinning, Evert Mouw Re: [ietf-smtp] certificate pinning, Tony Finch Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Claus Assmann Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Brandon Long Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), John Levine Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), John Levine <= Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Brandon Long Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), John Levine Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Mark Andrews Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), John Levine Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Mark Andrews Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Tony Finch Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Brandon Long Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), John Levine Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Peter Bowen Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Mark Andrews

Previous by Date:	Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), John Levine
Next by Date:	Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Brandon Long
Previous by Thread:	Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), John Levine
Next by Thread:	Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Brandon Long
Indexes:	[Date] [Thread] [Top] [All Lists]