On Mon, Mar 02, 2015 at 01:35:29PM -0500, John C Klensin wrote:
> > but we can prevent downgrade attacks from succeeding.
> > If the MTA implements opportunistic DANE TLS, and usable TLSA
> > records *are* published, then it MUST use STARTTLS and
> > authenticate the peer via said TLSA records.
> > http://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-14#section-2.2
>
> Victor,
>
> [ Well known details elided. ]
>
> Neither DNSSEC nor DANE prevent or detect
> those attacks. They may actually be harmful if they give the
> user a false sense of security.
Since the user is not around for MTA-to-MTA SMTP transmission there
is no opportunity for any false sense of security. So I object to
a characterization of improved hop by hop transport security as
"harmful". This is not the thread to deep dive into that.
--
Viktor.
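The rule quoted at the top of this message (usable, DNSSEC-validated TLSA records make STARTTLS mandatory and require the peer to match one of them; otherwise TLS stays opportunistic) is small enough to model end to end. The block below is an added illustration, not code from the draft, from Postfix or from any other MTA. The resolver answers, the "certificate" byte strings and the peer's EHLO behaviour are all constructed inline; the "encrypt" case (secure TLSA RRset present but no usable record, so TLS is required without authentication) follows RFC 7672's treatment, and DANE-TA(2) chain matching is deliberately left out.

```python
"""Toy model of an SMTP client's DANE decision: lookup result -> policy -> outcome.
Added illustration only; DNS answers, certs and peer behaviour are constructed."""
import hashlib
from dataclasses import dataclass
from typing import Tuple

# TLSA parameters an SMTP client accepts (RFC 7672 section 3.1): usages 2 (DANE-TA)
# and 3 (DANE-EE); selectors 0 (full cert) / 1 (SPKI); matching 0 (exact), 1 / 2 (SHA-2).
SMTP_USAGES = {2, 3}
SELECTORS = {0, 1}
MATCHING_TYPES = {0, 1, 2}


@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    mtype: int
    data: bytes


@dataclass(frozen=True)
class TLSAResponse:
    """What the validating resolver returned: DNSSEC status plus the TLSA RRset."""
    status: str                     # "secure", "insecure" (or nonexistent) or "bogus"
    records: Tuple[TLSA, ...] = ()


@dataclass(frozen=True)
class PeerCert:
    """Hypothetical end-entity certificate reduced to the two byte strings a TLSA
    record can match: the DER certificate and its SubjectPublicKeyInfo."""
    der: bytes
    spki: bytes


def usable(r: TLSA) -> bool:
    """A record the client can act on; unknown parameter values are skipped, not errors."""
    return r.usage in SMTP_USAGES and r.selector in SELECTORS and r.mtype in MATCHING_TYPES


def tls_policy(resp: TLSAResponse) -> str:
    """Map the TLSA lookup to a connection policy.

    dane           secure answer with a usable record: STARTTLS required, peer must match
    encrypt        secure answer, records present but none usable: STARTTLS required,
                   no authentication (a new usage/selector cannot downgrade to cleartext)
    opportunistic  insecure or absent RRset: TLS if offered, cleartext otherwise
    defer          bogus DNSSEC: temporary failure, never treated as "no records"
    """
    if resp.status == "bogus":
        return "defer"
    if resp.status == "secure" and resp.records:
        return "dane" if any(usable(r) for r in resp.records) else "encrypt"
    return "opportunistic"


def tlsa_matches(r: TLSA, cert: PeerCert) -> bool:
    """DANE-EE(3) match of one record against the presented end-entity certificate.
    DANE-TA(2) would need the whole chain and is left out of this sketch."""
    if not usable(r) or r.usage != 3:
        return False
    subject = cert.der if r.selector == 0 else cert.spki
    if r.mtype == 0:
        return r.data == subject
    digest = hashlib.sha256 if r.mtype == 1 else hashlib.sha512
    return r.data == digest(subject).digest()


def attempt_delivery(resp: TLSAResponse, peer_offers_starttls: bool, cert: PeerCert) -> str:
    """Outcome of one delivery attempt against a (simulated) peer."""
    policy = tls_policy(resp)
    if policy == "defer":
        return "deferred"
    if not peer_offers_starttls:
        # The downgrade in question: an attacker strips STARTTLS from the EHLO reply.
        # With secure TLSA data the client defers rather than falling back to cleartext.
        return "deferred" if policy in ("dane", "encrypt") else "delivered-cleartext"
    if policy == "dane":
        if any(tlsa_matches(r, cert) for r in resp.records):
            return "delivered-tls-authenticated"
        return "deferred"          # TLS came up, but the peer is not who DNS says it is
    return "delivered-tls-unauthenticated"


# Constructed fixtures: fake DER/SPKI bytes standing in for a real certificate.
GOOD_CERT = PeerCert(der=b"der:mx.example.com", spki=b"spki:mx.example.com")
ROGUE_CERT = PeerCert(der=b"der:attacker", spki=b"spki:attacker")
# "3 1 1" record (DANE-EE, SPKI, SHA-256), the form most MTAs publish.
TLSA_311 = TLSA(3, 1, 1, hashlib.sha256(GOOD_CERT.spki).digest())
SECURE = TLSAResponse("secure", (TLSA_311,))
INSECURE = TLSAResponse("insecure")

if __name__ == "__main__":
    for label, resp, starttls, cert in [
        ("secure TLSA, STARTTLS, right key", SECURE, True, GOOD_CERT),
        ("secure TLSA, STARTTLS, rogue key", SECURE, True, ROGUE_CERT),
        ("secure TLSA, STARTTLS stripped", SECURE, False, GOOD_CERT),
        ("no TLSA, STARTTLS stripped", INSECURE, False, GOOD_CERT),
    ]:
        print(f"{label:36} -> {attempt_delivery(resp, starttls, cert)}")
```

The two "STARTTLS stripped" rows are the point of the exchange: with the same on-path attacker, the domain that publishes secure TLSA records gets a deferral (and a retry later, possibly via another path), while the domain without them is delivered in cleartext with no signal to anyone.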