Re: [dane] DANE coming to Microsoft O365 (In case you did not already see the announcement elsewhere)

Nico Williams <> Wed, 08 April 2020 22:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E9DFF3A1888 for <>; Wed, 8 Apr 2020 15:16:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TlIR0IcebRdg for <>; Wed, 8 Apr 2020 15:16:43 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 88D663A0810 for <>; Wed, 8 Apr 2020 15:16:43 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|
Received: from (localhost []) by (Postfix) with ESMTP id 9D694100A26; Wed, 8 Apr 2020 22:16:42 +0000 (UTC)
Received: from (100-96-10-8.trex.outbound.svc.cluster.local []) (Authenticated sender: dreamhost) by (Postfix) with ESMTPA id 00962100A37; Wed, 8 Apr 2020 22:16:41 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by (trex/5.18.6); Wed, 08 Apr 2020 22:16:42 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|
X-MailChannels-Auth-Id: dreamhost
X-Shade-Decisive: 28caf7de2ab92045_1586384202415_144030916
X-MC-Loop-Signature: 1586384202415:1903469240
X-MC-Ingress-Time: 1586384202414
Received: from (localhost []) by (Postfix) with ESMTP id B072E7F115; Wed, 8 Apr 2020 15:16:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=date :from:to:subject:message-id:references:mime-version:content-type :in-reply-to;; bh=lI2afxyy716U5bKVTYlxoIpd8rE =; b=pr7P9kGZ/OZ+RZ5CV2QnO+9UafuAT6BVVF4z+0uaHS60M4/7HhU5qUQxZoL N+6rxACZZN9VOWTX8OFhvrcb/okLHztMTbwctY2sL2+iJ9BK8SljHgiKOoF8XmXk Wwa4GRNMbBbCEAEUbvJznLc2XVPEiiSkRLd+6mXFUp0QRvI4=
Received: from localhost (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 3E3AA7F110; Wed, 8 Apr 2020 15:16:40 -0700 (PDT)
Date: Wed, 8 Apr 2020 17:16:38 -0500
X-DH-BACKEND: pdx1-sub0-mail-a81
From: Nico Williams <>
Message-ID: <20200408221636.GT18021@localhost>
References: <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduhedrudekgddtgecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucffohhmrghinhepthhhvghrvghgihhsthgvrhdrtghordhukhenucfkphepvdegrddvkedruddtkedrudekfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhm
Archived-At: <>
Subject: Re: [dane] DANE coming to Microsoft O365 (In case you did not already see the announcement elsewhere)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 08 Apr 2020 22:16:45 -0000

On Wed, Apr 08, 2020 at 05:38:50PM -0400, Viktor Dukhovni wrote:
> Here's the story from "El Reg":

Let me be the first to congratulate you here.

For those who don't know, Viktor has been doing the thankless work of
surveying the DNS for DNSSEC/DANE breakage, and informing postmasters of
it, for a bunch of years now.

Without that work DNSSEC and DANE could fail from entropy much sooner
than entropy would take the Internet as a whole.

Once large e-mail operators start using DANE for inbound (by the end
2021 for Microsoft) and outbound (by the end of 2020 for Microsoft),
postmasters will have strong incentives to monitor their own zones and
keep them from breaking.  Once that's done, we'll be able to leverage
DNSSEC and DANE for other things than e-mail.

Hats off to Viktor!