[Top] [All Lists]

Re: [ietf-smtp] DANE without DNSSEC (was: certificate pinning)

2014-06-17 10:39:19
Of course, my point is that clearly DANE is better than nothing and DNSSEC
makes it better.  I don't see what leaving out DNSSEC adds holes that don't
already exist worse without DANE.

I was hoping there was something I was missing in my analysis that
explained it.

On Jun 17, 2014 4:05 AM, "Tony Finch" <dot(_at_)dotat(_dot_)at> wrote:

Brandon Long <blong(_at_)google(_dot_)com> wrote:

Right, I wasn't sure exactly why DANE requires DNSSEC.

The aim is to improve security. There's no point adding complexity if it
doesn't achieve anything.

f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>
Biscay: Northeast 5 or 6. Slight or moderate. Fair. Good.

ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>