No-one in the world of large scale transfer thought that server certs
from existing CAs (or DANE and its reliance on DNSSEC) were going to
work reliably at scale ... so the bulk handlers of email went for (and
have deployed) MTA-STS (RFC8461) instead.
This reminds me of a basic suggestion in trying to deal with interesting
For every proposal here, I strongly suggest that it begin with a
functional description that is entirely non-technical. No acronyms and
1. What functional/semantic goal is being sought
2. What problems there are with not having that goal met
3. What current mechanisms, which might serve to meet the goal,
4. How adopters will be motivated
After getting agreement on these 4 point, it will be reasonable to
consider specific mechanisms for achieving the goals.
ietf-smtp mailing list