Re: UTA: Server certificate management (Re: Last Call: <draft-ietf-uta-email-tls-certs-05.txt>)

2015-12-02 20:09:11
> In any case, absent DNSSEC validated SRV records, there is no good
> way to deploy transport security for *hosted* submission and imap
> services without users manually selecting the underlying provider
> hostnames as the service endpoint.

Yup.  We're exactly where we are now, he said tautologically.

> With DNSSEC validated SRV records, one may as well use DANE.  That
> said, DNSSEC is as yet not a ubiquitous viable option for mobile
> clients, we need many years of upgrades of public WiFi networks
> before one might be able to expect DNSSEC signed SRV records to
> reach one's mobile device.

I wouldn't disagree, but I also don't see anything on the horizon
better than SRV+DNSSEC.  It's an architectural fact that mail servers
host lots of domains, and that server configuration has historically
been pretty casual.

R's,
John
