On Oct 27, 2019, at 2:47 AM, John R Levine <johnl(_at_)taugh(_dot_)com> wrote:
I believe it's the same reason that Google doesn't sign their domains with
Google have signed *some* of their domains with DNSSEC, in particular:
are signed, and are equally valid MX hosts for Gmail and other domains,
you'll even find these names in the presented certificate. What they've
not as yet been able to do is sign google.com, I'm inclined to speculate
that this is related to complications getting the DNS load-balancers to do
They certainly could if they wanted to.
Yes, see above, but DNSSEC for "google.com" is likely to take more time.
ietf-smtp mailing list