Re: [ietf-smtp] How to encrypt SMTP?
Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 28 October 2019 14:42 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E15461208CD for <ietf-smtp@ietfa.amsl.com>; Mon, 28 Oct 2019 07:42:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J-v1CfQgDl2Q for <ietf-smtp@ietfa.amsl.com>; Mon, 28 Oct 2019 07:42:13 -0700 (PDT)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D740D1208ED for <ietf-smtp@ietf.org>; Mon, 28 Oct 2019 07:42:11 -0700 (PDT)
Received: from [192.168.1.161] (unknown [192.168.1.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by straasha.imrryr.org (Postfix) with ESMTPSA id E4B382C49DB for <ietf-smtp@ietf.org>; Mon, 28 Oct 2019 10:42:10 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <20191027150013.5715BD79FC5@ary.qy>
Date: Mon, 28 Oct 2019 10:42:07 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: ietf-smtp@ietf.org
Message-Id: <75EFF280-482A-4CD8-AA68-96F37E6A38C6@dukhovni.org>
References: <20191027150013.5715BD79FC5@ary.qy>
To: ietf-smtp@ietf.org
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/SeOqIFHXXC2CJwBltVaTfqLOQgk>
Subject: Re: [ietf-smtp] How to encrypt SMTP?
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2019 14:42:20 -0000
> On Oct 27, 2019, at 11:00 AM, John Levine <johnl@taugh.com> wrote: > >> Bottom line, sign-away, you'll not have any issues, unless your domain >> is hosted by a small number of small (mostly Dutch) providers. > > I agree that the DNSSEC problems have close to nothing to do with mail issues. > But it's hard to sign the MX records for a domain without also signing the A > and AAAA records. Yes, signatures are zone-wide, but while mobile clients behind broken middleboxes may not be able to take advantage of DNSSEC signatures, they generally continue to function, with DNS security disabled. Were that not the case, ~10 million signed domains would have DNSSEC-related problems serving web pages (which is not the case). Top 20 slightly dated website ranks of DNSSEC signed domains: 50 mozilla.org 75 nih.gov 84 paypal.com 91 europa.eu 132 force.com 181 stanford.edu 194 quizlet.com 210 cloudflare.com 221 nasa.gov 228 debian.org 235 canva.com 240 time.com 246 cdc.gov 251 taboola.com 262 foxnews.com 268 washingtonexaminer.com 280 mediafire.com 281 statcounter.com 283 thestartmagazine.com 304 berkeley.edu -- Viktor.
- [ietf-smtp] How to encrypt SMTP? Дилян Палаузов
- Re: [ietf-smtp] How to encrypt SMTP? Valdis Kl=?utf-8?Q?=c4=93?=tnieks
- Re: [ietf-smtp] How to encrypt SMTP? John Levine
- Re: [ietf-smtp] How to encrypt SMTP? Hector Santos
- Re: [ietf-smtp] How to encrypt SMTP? Viktor Dukhovni
- Re: [ietf-smtp] How to encrypt SMTP? Дилян Палаузов
- Re: [ietf-smtp] How to encrypt SMTP? Jeremy Harris
- Re: [ietf-smtp] How to encrypt SMTP? John R Levine
- Re: [ietf-smtp] How to encrypt SMTP? John Levine
- Re: [ietf-smtp] How to encrypt SMTP? Viktor Dukhovni
- Re: [ietf-smtp] How to encrypt SMTP? Keith Moore
- Re: [ietf-smtp] How to encrypt SMTP? John Levine
- Re: [ietf-smtp] How to encrypt SMTP? Keith Moore
- Re: [ietf-smtp] How to encrypt SMTP? Keith Moore
- Re: [ietf-smtp] How to encrypt SMTP? John Levine
- Re: [ietf-smtp] How to encrypt SMTP? Valdis Kl=?utf-8?Q?=c4=93?=tnieks
- Re: [ietf-smtp] How to encrypt SMTP? John Levine
- Re: [ietf-smtp] How to encrypt SMTP? Keith Moore
- Re: [ietf-smtp] How to encrypt SMTP? Keith Moore
- Re: [ietf-smtp] How to encrypt SMTP? Viktor Dukhovni
- Re: [ietf-smtp] How to encrypt SMTP? Viktor Dukhovni
- Re: [ietf-smtp] How to encrypt SMTP? John Levine
- Re: [ietf-smtp] How to encrypt SMTP? Дилян Палаузов
- Re: [ietf-smtp] encouraging PRDR (was: How to enc… Keith Moore
- Re: [ietf-smtp] How to encrypt SMTP? Viktor Dukhovni