Re: [dane] DANE coming to Microsoft O365 (In case you did not already see the announcement elsewhere)

Nico Williams <nico@cryptonector.com> Wed, 08 April 2020 22:16 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9DFF3A1888 for <dane@ietfa.amsl.com>; Wed, 8 Apr 2020 15:16:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TlIR0IcebRdg for <dane@ietfa.amsl.com>; Wed, 8 Apr 2020 15:16:43 -0700 (PDT)
Received: from camel.birch.relay.mailchannels.net (camel.birch.relay.mailchannels.net [23.83.209.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88D663A0810 for <dane@ietf.org>; Wed, 8 Apr 2020 15:16:43 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 9D694100A26; Wed, 8 Apr 2020 22:16:42 +0000 (UTC)
Received: from pdx1-sub0-mail-a81.g.dreamhost.com (100-96-10-8.trex.outbound.svc.cluster.local [100.96.10.8]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 00962100A37; Wed, 8 Apr 2020 22:16:41 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a81.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.6); Wed, 08 Apr 2020 22:16:42 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Shade-Decisive: 28caf7de2ab92045_1586384202415_144030916
X-MC-Loop-Signature: 1586384202415:1903469240
X-MC-Ingress-Time: 1586384202414
Received: from pdx1-sub0-mail-a81.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a81.g.dreamhost.com (Postfix) with ESMTP id B072E7F115; Wed, 8 Apr 2020 15:16:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:subject:message-id:references:mime-version:content-type :in-reply-to; s=cryptonector.com; bh=lI2afxyy716U5bKVTYlxoIpd8rE =; b=pr7P9kGZ/OZ+RZ5CV2QnO+9UafuAT6BVVF4z+0uaHS60M4/7HhU5qUQxZoL N+6rxACZZN9VOWTX8OFhvrcb/okLHztMTbwctY2sL2+iJ9BK8SljHgiKOoF8XmXk Wwa4GRNMbBbCEAEUbvJznLc2XVPEiiSkRLd+6mXFUp0QRvI4=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a81.g.dreamhost.com (Postfix) with ESMTPSA id 3E3AA7F110; Wed, 8 Apr 2020 15:16:40 -0700 (PDT)
Date: Wed, 8 Apr 2020 17:16:38 -0500
X-DH-BACKEND: pdx1-sub0-mail-a81
From: Nico Williams <nico@cryptonector.com>
To: dane@ietf.org
Message-ID: <20200408221636.GT18021@localhost>
References: <7747EDE7-3B4F-4391-97A8-F26643BB86ED@dukhovni.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7747EDE7-3B4F-4391-97A8-F26643BB86ED@dukhovni.org>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: 0
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduhedrudekgddtgecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucffohhmrghinhepthhhvghrvghgihhsthgvrhdrtghordhukhenucfkphepvdegrddvkedruddtkedrudekfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhm
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/OER-Xn-5jJVGKkhI14FDmIKvLvQ>
Subject: Re: [dane] DANE coming to Microsoft O365 (In case you did not already see the announcement elsewhere)
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2020 22:16:45 -0000

On Wed, Apr 08, 2020 at 05:38:50PM -0400, Viktor Dukhovni wrote:
> Here's the story from "El Reg": https://www.theregister.co.uk/2020/04/07/microsoft_dane_office/

Let me be the first to congratulate you here.

For those who don't know, Viktor has been doing the thankless work of
surveying the DNS for DNSSEC/DANE breakage, and informing postmasters of
it, for a bunch of years now.

Without that work DNSSEC and DANE could fail from entropy much sooner
than entropy would take the Internet as a whole.

Once large e-mail operators start using DANE for inbound (by the end
2021 for Microsoft) and outbound (by the end of 2020 for Microsoft),
postmasters will have strong incentives to monitor their own zones and
keep them from breaking.  Once that's done, we'll be able to leverage
DNSSEC and DANE for other things than e-mail.

Hats off to Viktor!

Nico
--