Re: [dane] DANE for MX host via insecure MX RR?

Michael Ströder <michael@stroeder.com> Thu, 10 September 2015 18:28 UTC

To: dane@ietf.org
References: <D976ACCE-8F15-448C-A5E4-B8D1FD329A8B@frobbit.se> <20150824031926.GF9021@mournblade.imrryr.org> <55F1B075.5060809@stroeder.com> <20150910165337.GZ21942@mournblade.imrryr.org> <55F1C362.4000607@stroeder.com> <20150910181822.GF21942@mournblade.imrryr.org>
From: Michael Ströder <michael@stroeder.com>
Message-ID: <55F1CBC3.20406@stroeder.com>
Date: Thu, 10 Sep 2015 20:28:19 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 SeaMonkey/2.35
MIME-Version: 1.0
In-Reply-To: <20150910181822.GF21942@mournblade.imrryr.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms010704090503070100010406"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/AuPhkTodaPUY5gp-mTAh0e5y5Ws>
Subject: Re: [dane] DANE for MX host via insecure MX RR?
Precedence: list

Viktor Dukhovni wrote:
> On Thu, Sep 10, 2015 at 07:52:34PM +0200, Michael Ströder wrote:
>> People should be prepared that some MTAs will require signed MX RRs.
> 
> [..]  Without signed MX RRs, many sites will not take advantage of DANE
> TLSA RRs for the corresponding MX hosts even if present.

That's what I meant.

> That's different from requiring the MX
> RRset to be signed in the first place.

Yes.

Ciao, Michael.

Attachment: smime.p7s

[dane] Delivery of email if MX is not signed Patrik Fältström
Re: [dane] Delivery of email if MX is not signed Paul Wouters
Re: [dane] Delivery of email if MX is not signed Patrik Fältström
Re: [dane] Delivery of email if MX is not signed Paul Wouters
Re: [dane] Delivery of email if MX is not signed Patrik Fältström
Re: [dane] Delivery of email if MX is not signed lst_hoe02
Re: [dane] Delivery of email if MX is not signed lst_hoe02
Re: [dane] Delivery of email if MX is not signed Peter Koch
Re: [dane] Delivery of email if MX is not signed Patrik Fältström
Re: [dane] Delivery of email if MX is not signed Patrik Fältström
Re: [dane] Delivery of email if MX is not signed Paul Wouters
Re: [dane] Delivery of email if MX is not signed Viktor Dukhovni
Re: [dane] Delivery of email if MX is not signed Viktor Dukhovni
Re: [dane] Delivery of email if MX is not signed Patrik Fältström
Re: [dane] Delivery of email if MX is not signed Viktor Dukhovni
Re: [dane] Delivery of email if MX is not signed Patrik Fältström
Re: [dane] Delivery of email if MX is not signed Patrik Fältström
Re: [dane] Delivery of email if MX is not signed Viktor Dukhovni
Re: [dane] DANE for MX host via insecure MX RR? (… Viktor Dukhovni
Re: [dane] Delivery of email if MX is not signed Paul Wouters
Re: [dane] Delivery of email if MX is not signed Patrik Fältström
Re: [dane] DANE for MX host via insecure MX RR? Michael Ströder
Re: [dane] DANE for MX host via insecure MX RR? Viktor Dukhovni
Re: [dane] DANE for MX host via insecure MX RR? Michael Ströder
Re: [dane] DANE for MX host via insecure MX RR? Viktor Dukhovni
Re: [dane] DANE for MX host via insecure MX RR? Michael Ströder

Re: [dane] DANE for MX host via insecure MX RR?

Attachment: smime.p7s