Re: [dane] email canonicalization for SMIMEA owner names

"John Levine" <> Sat, 13 December 2014 04:48 UTC

Date: Sat, 13 Dec 2014 04:47:37 -0000
Message-ID: <20141213044737.14765.qmail@ary.lan>
List-Id: DNS-based Authentication of Named Entities <>

In article <> you write:
>On Fri, Dec 12, 2014 at 05:50:10PM -0500, James Cloos wrote:
>> VD> of the protocol.
>> The only issue with using SRV is that the http GET path would have to be
>> standardized, which could be a pain if the advertized MXs already serve
>> https for something else.
>I was thinking of multiplexing by port, rather than URI.  So that
>the service in question really could be a light-weight HTTPS server
>add-on to an MTA, rather than an HTTP application in a general
>purpose HTTPS server.

Before we go too far down this road, we might check with some people
who run large mail systems and ask how likely they are to spin up an
all new address verification server.  It doesn't seem very likely to

The DNS has its faults, but it has the great advantage of already existing.