Re: [dane] DANE coming to Microsoft O365 (In case you did not already see the announcement elsewhere)

Warren Kumari <> Thu, 09 April 2020 12:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E46FB3A0A85 for <>; Thu, 9 Apr 2020 05:51:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id S0SHykIrLvL5 for <>; Thu, 9 Apr 2020 05:51:40 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A7A7D3A0A82 for <>; Thu, 9 Apr 2020 05:51:40 -0700 (PDT)
Received: by with SMTP id s13so7797937lfb.9 for <>; Thu, 09 Apr 2020 05:51:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=T4104GJRYe/RYeDRp3fp0nIyKSFJC1uTTkTOcskaBYc=; b=dgtKIkKfWiZntTQFMLej/SmSSzUGOz5Z+LaxYEacrfF4Uxe8C5agSXFYlPOLYSs0vp liMGBZO7qXb+eQuaBoPr3oyWHdJMlO8DfhIAHgcq35Jyfo6qdk651IuBc0PzZ3sky1q3 R7bie0kyAnQmPPLW3TG8ZC552sF/0C0DD7RGz5uLC5UC8scOsQsyu5f7cizSs09U/vGf s/EYRG1XXX7gzPKMCXblmsOEKS20bjH6aH+CR6sRMYQs/V7Y7TTeYDF4kd9CKx411tom Rsf+jtQDspqDE/HaTg6dLVRSjQ0xWOGSBViMIzbS4dYc2z5AQZfSwY8/Xrwwc83MfkDJ baXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=T4104GJRYe/RYeDRp3fp0nIyKSFJC1uTTkTOcskaBYc=; b=Jq77hd9iRl+YstoTkw45RSMe9bPojHyhHvmaE5FsRuSj0rOzUG1diTY0Bv9tQRx+x9 Iuv8EKLYSzkbL/cAo/CqglVanjoZa9qbFueQ8zIpW5zP6iAMMozHw2YbZNJzR/vsSqRa HhF97+c0StLY2x2KvYihV/2c9a2LdkHnqLAQaFPhYzwwnIGV+iRwHF/Ifc9rwCC8rpFU LO2ZC/u3RhNEF9NQA0nkx3vfUW26E/ficZjTGtnEHaBkCu27zk7vsiDA/0zueyjg2SUm XKLtKiAiUiEZgcZhKsEU0PBgOo8/Oo/LS5Vv/rRVyVSh9iwinx1jTlitaLY4xhZyTsGL HU2g==
X-Gm-Message-State: AGi0PubvyFobfG/ibbQ6+o3+nD3TrltTC8/TVi6GMx3d/XFPv0puX+zK nckwTscXon/6/XXsikigRCX5b/gg1PQSknWFa7u6G6EB
X-Google-Smtp-Source: APiQypKz3u1g9U1chgkBpg9XVrMNxohzx+fRTUSeEicxVl8O/w9hrXaMKSIpykRf1R1Ecvv2maDM8DjCFgwwoSNLlzU=
X-Received: by 2002:ac2:4426:: with SMTP id w6mr7678649lfl.8.1586436698704; Thu, 09 Apr 2020 05:51:38 -0700 (PDT)
MIME-Version: 1.0
References: <> <20200408221636.GT18021@localhost>
In-Reply-To: <20200408221636.GT18021@localhost>
From: Warren Kumari <>
Date: Thu, 9 Apr 2020 08:51:02 -0400
Message-ID: <>
To: Nico Williams <>
Cc: dane WG list <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [dane] DANE coming to Microsoft O365 (In case you did not already see the announcement elsewhere)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 09 Apr 2020 12:51:43 -0000

On Wed, Apr 8, 2020 at 6:16 PM Nico Williams <> wrote:
> On Wed, Apr 08, 2020 at 05:38:50PM -0400, Viktor Dukhovni wrote:
> > Here's the story from "El Reg":
> Let me be the first to congratulate you here.
> For those who don't know, Viktor has been doing the thankless work of
> surveying the DNS for DNSSEC/DANE breakage, and informing postmasters of
> it, for a bunch of years now.
> Without that work DNSSEC and DANE could fail from entropy much sooner
> than entropy would take the Internet as a whole.
> Once large e-mail operators start using DANE for inbound (by the end
> 2021 for Microsoft) and outbound (by the end of 2020 for Microsoft),
> postmasters will have strong incentives to monitor their own zones and
> keep them from breaking.  Once that's done, we'll be able to leverage
> DNSSEC and DANE for other things than e-mail.
> Hats off to Viktor!

Yes, that's a really good point - thank you Viktor for being such a
champion of DANE, and continuing to beat the drum...


> Nico
> --
> _______________________________________________
> dane mailing list

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.