Of course, my point is that clearly DANE is better than nothing and DNSSEC
makes it better. I don't see what leaving out DNSSEC adds holes that don't
already exist worse without DANE.
The baseline for comparison is certs signed by an authority, not the
DNS.
R's,
John
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp