Re: UTA: Server certificate management (Re: Last Call: <draft-ietf-uta-email-tls-certs-05.txt>)

2015-12-07 13:53:17
On Thu 03/Dec/2015 21:59:32 +0100 Harald Alvestrand wrote: 

> The "technical omission" here is "using 6186 together with mail servers
> supporting a high number of domains is going to be painful, and this
> document doesn't say how to solve it".

Painful = non-zeroconf, but why?  An easy way to host 50,000 email domains
without DNSSEC is to redirect them all to the same SRV targets.  A few
certificates suffice.  The client-side "oneconf" setup should then ask:

   Is your mail hosted by <mail.example>? [confirm] [deny]

Possibly, it would also recall that property upon request.  I wouldn't call
getting such awareness "painful"; I'd be grateful.

IMHO, the above way is better than defining 50,000 email servers without proper
certificates, or without DNSSEC.  Can the I-D say so?

Ale
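
The "oneconf" flow described in this message, sketched as an added example that is not part of the original post or of the I-D. It assumes the client matches the server certificate against the SRV target the user confirmed; the function names, the `confirmed` store and all domains are hypothetical, constructed values.

```python
def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host, domain = host.rstrip(".").lower(), domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def name_matches(pattern, host):
    """Compare a certificate dNSName with host; '*' may only be the whole left-most label."""
    p = pattern.rstrip(".").lower().split(".")
    h = host.rstrip(".").lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def decide(email_domain, srv_target, cert_names, confirmed, ask_user):
    """Return 'accept', 'denied' or 'bad-cert' for one SRV-discovered server.

    confirmed: dict mapping email domain -> set of provider hosts the user accepted.
    ask_user:  callback(email_domain, host) -> bool, the [confirm]/[deny] prompt.
    """
    target = srv_target.rstrip(".").lower()
    accepted = confirmed.setdefault(email_domain, set())
    if not in_domain(target, email_domain) and target not in accepted:
        # Unsigned DNS moved us outside the user's domain: the user must vouch for it.
        if not ask_user(email_domain, target):
            return "denied"
        accepted.add(target)  # recall the answer so the prompt appears once
    # Assumption: the certificate is checked against the confirmed target, so one
    # certificate for the provider covers every hosted domain.
    if any(name_matches(n, target) for n in cert_names):
        return "accept"
    return "bad-cert"

if __name__ == "__main__":
    # Constructed sample data: hosted domains sharing one SRV target.
    prompts, store = [], {}
    def ask(domain, host):
        prompts.append((domain, host))
        return host == "mail.example"
    for d in ("alice.test", "bob.test", "alice.test"):
        print(d, decide(d, "mail.example.", ["mail.example"], store, ask))
    print("prompts shown:", len(prompts))
```
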
