Re: [DNSOP] Declaring HTTPS mandatory in the DNS
Tony Finch <dot@dotat.at> Wed, 21 November 2012 14:01 UTC
Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88E0121F8235 for <dnsop@ietfa.amsl.com>; Wed, 21 Nov 2012 06:01:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.762
X-Spam-Level:
X-Spam-Status: No, score=-5.762 tagged_above=-999 required=5 tests=[AWL=0.837, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VnKvdh4aP-it for <dnsop@ietfa.amsl.com>; Wed, 21 Nov 2012 06:01:00 -0800 (PST)
Received: from ppsw-41.csi.cam.ac.uk (ppsw-41.csi.cam.ac.uk [131.111.8.141]) by ietfa.amsl.com (Postfix) with ESMTP id 8713C21F8203 for <dnsop@ietf.org>; Wed, 21 Nov 2012 06:01:00 -0800 (PST)
X-Cam-AntiVirus: no malware found
X-Cam-SpamDetails: not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-1.csi.cam.ac.uk ([131.111.8.51]:34276) by ppsw-41.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.156]:25) with esmtpa (EXTERNAL:fanf2) id 1TbArI-0008PQ-Qe (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Wed, 21 Nov 2012 14:00:56 +0000
Received: from fanf2 by hermes-1.csi.cam.ac.uk (hermes.cam.ac.uk) with local id 1TbArI-0001dj-7Y (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Wed, 21 Nov 2012 14:00:56 +0000
Date: Wed, 21 Nov 2012 14:00:56 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-1.csi.cam.ac.uk
To: Paul Wouters <paul@cypherpunks.ca>
In-Reply-To: <alpine.LFD.2.02.1211191345200.27109@bofh.nohats.ca>
Message-ID: <alpine.LSU.2.00.1211211357300.27013@hermes-1.csi.cam.ac.uk>
References: <20121119101834.GA23238@nic.fr> <20121119140543.GB28040@odin.ulthar.us> <20121119144132.GB3753@nic.fr> <ACA12058-D6F3-48FB-9237-ADFECAAFB4F2@vpnc.org> <alpine.LFD.2.02.1211191345200.27109@bofh.nohats.ca>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Cc: dnsop <dnsop@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] Declaring HTTPS mandatory in the DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2012 14:01:01 -0000
Paul Wouters <paul@cypherpunks.ca> wrote: > > That will probably lead to people using the TLSA record as a pointer to > "do not connect without TLS". I wrote that requirement into my DANE for email drafts. http://tools.ietf.org/html/draft-fanf-dane-smtp-04#section-3.2 http://tools.ietf.org/html/draft-fanf-dane-mua-00#section-3 Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.
- [DNSOP] Declaring HTTPS mandatory in the DNS Stephane Bortzmeyer
- Re: [DNSOP] Declaring HTTPS mandatory in the DNS Kevin Darcy
- Re: [DNSOP] Declaring HTTPS mandatory in the DNS Scott Schmit
- Re: [DNSOP] Declaring HTTPS mandatory in the DNS Stephane Bortzmeyer
- Re: [DNSOP] Declaring HTTPS mandatory in the DNS Kevin Darcy
- Re: [DNSOP] Declaring HTTPS mandatory in the DNS Paul Hoffman
- Re: [DNSOP] Declaring HTTPS mandatory in the DNS Paul Wouters
- Re: [DNSOP] Declaring HTTPS mandatory in the DNS Tony Finch
- Re: [DNSOP] Declaring HTTPS mandatory in the DNS dgq2011