On Thu 03/Dec/2015 21:59:32 +0100 Harald Alvestrand wrote:
The "technical omission" here is "using 6186 together with mail servers
supporting a high number of domains is going to be painful, and this
document doesn't say how to solve it".
Painful = non-zeroconf, but why?. An easy way to host 50,000 email domains
without DNSSEC is to redirect them all to the same SRV targets. A few
certificates suffice. The client-side "oneconf" setup should then ask:
Is your mail hosted by <mail.example>? [confirm] [deny]
Possibly, it would also recall that property upon request. I wouldn't call
"painful" getting such awareness, I'd be grateful.
IMHO, the above way is better than defining 50,000 email servers without proper
certificates, or without DNSSEC. Can the I-D say so?
Ale