Re: More haste, less speed.

On Mar 6, 2017, at 3:12 PM, Phillip Hallam-Baker 
<phill(_at_)hallambaker(_dot_)com> wrote:

Again, you are mistaken.


I think you meant to say, that you disagree, at least in general, but that your
experience in the SMTP space is more limited, so I might be right in the SMTP 
case.

Security Policy can benefit from DNSSEC but it absolutely does not require 
DNSSEC
to provide value.


This is not true for SMTP, which is vulnerable to downgrade attacks if the 
security
policy is not made tamper-resistant.

Since the current Internet security policy is to require no security, any 
policy
publication mechanism adds value over the baseline.


Yes, against passive attacks, but STARTTLS is already sufficient for that.

-- 
        Viktor.

<Prev in Thread]	Current Thread	[Next in Thread>
More haste, less speed., Phillip Hallam-Baker Re: More haste, less speed., Viktor Dukhovni Re: More haste, less speed., Phillip Hallam-Baker Re: More haste, less speed., Viktor Dukhovni <= Re: More haste, less speed., Gary E. Miller Re: More haste, less speed., Viktor Dukhovni Re: More haste, less speed., Joe Touch

Previous by Date:	Re: More haste, less speed., Phillip Hallam-Baker
Next by Date:	Re: More haste, less speed., Gary E. Miller
Previous by Thread:	Re: More haste, less speed., Phillip Hallam-Baker
Next by Thread:	Re: More haste, less speed., Gary E. Miller
Indexes:	[Date] [Thread] [Top] [All Lists]