ietf

Re: Comments on Draft IRTF ASRG DNSBL - 07

2008-11-12 19:34:52

In message <alpine(_dot_)LSU(_dot_)2(_dot_)00(_dot_)0811121752110(_dot_)14367(_at_)hermes-1(_dot_)csi(_dot_)cam(_dot_)ac(_dot_)uk>, Tony Finch writes:
> On Wed, 12 Nov 2008, Mark Andrews wrote:
>
> > It also stops the small sites being able to use cryptography to stop man
> > in the middle attacks as they are forced to insert a middle man.
>
> SMTP over TLS to an MX does NOT protect against man in the middle attacks.

        It does when you turn on DNSSEC so that it covers the MX
        RRset, or the synthesized MX RRset when there is no MX RRset
        but there are address records (also covered by DNSSEC), and
        match the server certificate to the (synthesized) name in
        the MX record.

        We have the technology to do this.  People just need to use it.

        Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
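
The check described in the message above, as an added example that is not part of the original post or of any project's code: an MX name counts as a TLS reference identity only when DNSSEC covers the MX RRset (or the address records behind a synthesized MX), and the server certificate must then name that host. The `MxLookup` class, its field names and the `example.org` data are hypothetical stand-ins for a validating resolver's output.

```python
from dataclasses import dataclass

@dataclass
class MxLookup:
    """Hypothetical stand-in for a validating resolver's answers for one domain."""
    domain: str
    mx_hosts: list               # MX exchange names; empty when there is no MX RRset
    mx_secure: bool              # MX answer (or proof of its absence) validated by DNSSEC
    has_address: bool = False    # the domain itself has A/AAAA records
    address_secure: bool = False # those address records validated by DNSSEC

def norm(name):
    return name.rstrip(".").lower()

def trusted_mx_names(r):
    """Names that may be used as TLS reference identities; [] if none can be trusted."""
    if not r.mx_secure:
        return []                        # unsigned answer: the MX name may be forged
    if r.mx_hosts:
        return [norm(h) for h in r.mx_hosts]
    if r.has_address and r.address_secure:
        return [norm(r.domain)]          # synthesized MX: the domain name itself
    return []

def name_matches(pattern, host):
    pattern, host = norm(pattern), norm(host)
    if pattern.startswith("*."):         # wildcard covers exactly one left-most label
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def delivery_authenticated(r, connected_host, cert_dns_names):
    """True only if the MX name is DNSSEC-backed and the certificate names it."""
    host = norm(connected_host)
    if host not in trusted_mx_names(r):
        return False
    return any(name_matches(p, host) for p in cert_dns_names)

# Constructed sample data (example.org names are placeholders, not from the thread).
SIGNED = MxLookup("example.org", ["mx1.example.org."], mx_secure=True)
UNSIGNED = MxLookup("example.org", ["mx.attacker.example."], mx_secure=False)
IMPLICIT = MxLookup("example.org", [], mx_secure=True, has_address=True, address_secure=True)

if __name__ == "__main__":
    print(delivery_authenticated(SIGNED, "mx1.example.org", ["mx1.example.org"]))
    print(delivery_authenticated(UNSIGNED, "mx.attacker.example", ["mx.attacker.example"]))
    print(delivery_authenticated(IMPLICIT, "example.org", ["*.example.org", "example.org"]))
```

In the unsigned case the certificate is perfectly valid for the host that was contacted, yet delivery is still unauthenticated because nothing ties that host name to the recipient domain.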