Re: [DNSOP] DNSOP Digest, Vol 123, Issue 70

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 21 February 2017 04:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/0jtMizf7hRoFtzOMbj1NTwZtcPE>

> On Feb 20, 2017, at 4:19 PM, dnsop-request@ietf.org wrote:
> 
> Accept that TLSA is dead. Don't tilt at windmills with yet more discovery schemes.

There are at least ~2400 MX hosts with published TLSA records for SMTP serving over
100k domains and growing.  In addition to Postfix and Exim, vendors are starting
to implement DANE for SMTP.  Adoption is not surprisingly slow, but TLSA for SMTP
is certainly not "dead", and adoption will accelerate as more MTAs and service
providers add support.

If you're talking about TLSA for HTTPS, then indeed it is not likely to be used
at all soon...  Whether that's dead or just dormant is presently academic.

-- 
	Viktor.