Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning)


In message <20140617004819(_dot_)24716(_dot_)qmail(_at_)joyce(_dot_)lan>, "John 
Levine" writes:

If you have outsourced your DNS and they do not support TLSA or
unknown format, go somewhere else or bring it back in house.


Um, Mark, you might want to review your mail and note where Brandon
works.


Yes, and he also mentioned personal servers.  Additionally this
conversation is being archived and read by others.

His tools will support tlsa lookups

e.g.
        dig _443._tcp.isc.org type52

or with really old versions

        dig -t 52 _443._tcp.isc.org

Just because the nmemonic tlsa is unknown doesn't mean that the
record cannot be looked up or be published.

R's,
John

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), John Levine

Next by Date:

Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Tony Finch

Previous by Thread:

Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), John Levine

Next by Thread:

Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning), Tony Finch

Indexes:

[Date] [Thread] [Top] [All Lists]