Re: [keyassure] PKIX/KIDNS validation results and draft-hoffman-keys-linkage-from-dns
Tony Finch <dot@dotat.at> Wed, 03 November 2010 23:21 UTC
Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E91EF3A6848 for <keyassure@core3.amsl.com>; Wed, 3 Nov 2010 16:21:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.203
X-Spam-Level:
X-Spam-Status: No, score=-1.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4oD8qaSHNxg4 for <keyassure@core3.amsl.com>; Wed, 3 Nov 2010 16:21:14 -0700 (PDT)
Received: from ppsw-50.csi.cam.ac.uk (ppsw-50.csi.cam.ac.uk [131.111.8.150]) by core3.amsl.com (Postfix) with ESMTP id C13353A67D0 for <keyassure@ietf.org>; Wed, 3 Nov 2010 16:21:14 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-SpamDetails: not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from 87.114.184.140.plusnet.thn-ag1.dyn.plus.net ([87.114.184.140]:50853 helo=[192.168.1.5]) by ppsw-50.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.157]:587) with esmtpsa (PLAIN:fanf2) (TLSv1:AES128-SHA:128) id 1PDmds-0005sP-qI (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Wed, 03 Nov 2010 23:21:20 +0000
References: <p0624086dc8ef9feba340@10.20.30.151> <B6CEBA10-0198-4AB3-B6D4-E7D835FD47F1@princeton.edu> <AANLkTin-CqduBX5ibUCb0+1Lr-GXJ-KGd8YxzjUTPEO7@mail.gmail.com> <CA58B286-8F9D-423D-B9BF-91347F6FD960@Princeton.EDU> <1288462840.1977.4.camel@mattlaptop2.local> <69345A7D-4834-40E4-99C2-EDF3FC2DDEB3@Princeton.EDU> <1288469609.1977.178.camel@mattlaptop2.local> <EAC89FC3-184C-449C-AE5B-E3950578ED30@Princeton.EDU> <1288477403.1977.319.camel@mattlaptop2.local> <m3wroz6x81.fsf@jhcloos.com> <20101031010146.GA4930@LK-Perkele-V2.elisa-laajakaista.fi> <m3hbg355hv.fsf@jhcloos.com> <A0A8C24A-D042-4412-B6D5-35909495A83A@kirei.se> <alpine.LSU.2.00.1011031639050.12004@hermes-2.csi.cam.ac.uk> <D934640B-B49A-49E3-B2E6-29C14F220AA2@kirei.se>
In-Reply-To: <D934640B-B49A-49E3-B2E6-29C14F220AA2@kirei.se>
Mime-Version: 1.0 (iPhone Mail 8B117)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"
Message-Id: <BFAFBFD1-8B68-4483-8482-EC664E999632@dotat.at>
X-Mailer: iPhone Mail (8B117)
From: Tony Finch <dot@dotat.at>
Date: Wed, 03 Nov 2010 23:21:20 +0000
To: Jakob Schlyter <jakob@kirei.se>
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Cc: Steve Schultze <sjs@Princeton.EDU>, "keyassure@ietf.org" <keyassure@ietf.org>
Subject: Re: [keyassure] PKIX/KIDNS validation results and draft-hoffman-keys-linkage-from-dns
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Nov 2010 23:21:16 -0000
On 3 Nov 2010, at 20:32, Jakob Schlyter <jakob@kirei.se> wrote: > > I most likely do not have the same key material for all SMTP servers. There's nothing stopping you from having multiple cert records alongside your MX records. It's easy to ensure the DNS is correct if your MXs are managed as a coherent service. Old style secondary MXs cause significant operational problems and no longer have any advantages. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/
- [keyassure] PKIX/KIDNS validation results and dra… Stephen Schultze
- Re: [keyassure] PKIX/KIDNS validation results and… Paul Hoffman
- Re: [keyassure] PKIX/KIDNS validation results and… Stephen Farrell
- Re: [keyassure] PKIX/KIDNS validation results and… Paul Hoffman
- Re: [keyassure] PKIX/KIDNS validation results and… Jeffrey A. Williams
- Re: [keyassure] PKIX/KIDNS validation results and… Steve Schultze
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… Steve Schultze
- Re: [keyassure] PKIX/KIDNS validation results and… Ben Laurie
- Re: [keyassure] PKIX/KIDNS validation results and… Ben Laurie
- Re: [keyassure] PKIX/KIDNS validation results and… Jeffrey A. Williams
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… Ben Laurie
- Re: [keyassure] PKIX/KIDNS validation results and… Steve Schultze
- Re: [keyassure] PKIX/KIDNS validation results and… Steve Schultze
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… Jeffrey A. Williams
- Re: [keyassure] PKIX/KIDNS validation results and… Matt McCutchen
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… Jeffrey A. Williams
- Re: [keyassure] PKIX/KIDNS validation results and… Steve Schultze
- Re: [keyassure] PKIX/KIDNS validation results and… Matt McCutchen
- Re: [keyassure] PKIX/KIDNS validation results and… Matt McCutchen
- Re: [keyassure] PKIX/KIDNS validation results and… Steve Schultze
- Re: [keyassure] PKIX/KIDNS validation results and… Jeffrey A. Williams
- Re: [keyassure] PKIX/KIDNS validation results and… Matt McCutchen
- Re: [keyassure] PKIX/KIDNS validation results and… Ilari Liusvaara
- Re: [keyassure] PKIX/KIDNS validation results and… James Cloos
- Re: [keyassure] PKIX/KIDNS validation results and… Warren Kumari
- Re: [keyassure] PKIX/KIDNS validation results and… Warren Kumari
- Re: [keyassure] PKIX/KIDNS validation results and… Ilari Liusvaara
- Re: [keyassure] PKIX/KIDNS validation results and… Warren Kumari
- Re: [keyassure] PKIX/KIDNS validation results and… Warren Kumari
- Re: [keyassure] PKIX/KIDNS validation results and… Ilari Liusvaara
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… James Cloos
- Re: [keyassure] PKIX/KIDNS validation results and… James Cloos
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… Matt McCutchen
- Re: [keyassure] PKIX/KIDNS validation results and… Jakob Schlyter
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… Jakob Schlyter
- Re: [keyassure] PKIX/KIDNS validation results and… Andrew Sullivan
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… Warren Kumari
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… Ondřej Surý
- Re: [keyassure] PKIX/KIDNS validation results and… Ondřej Surý
- Re: [keyassure] PKIX/KIDNS validation results and… Warren Kumari
- Re: [keyassure] PKIX/KIDNS validation results and… Warren Kumari
- Re: [keyassure] PKIX/KIDNS validation results and… Ondřej Surý
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… Tony Finch
- Re: [keyassure] PKIX/KIDNS validation results and… Tony Finch
- Re: [keyassure] PKIX/KIDNS validation results and… Paul Hoffman
- Re: [keyassure] PKIX/KIDNS validation results and… Tony Finch
- Re: [keyassure] PKIX/KIDNS validation results and… Tony Finch
- Re: [keyassure] PKIX/KIDNS validation results and… Tony Finch
- Re: [keyassure] PKIX/KIDNS validation results and… Phillip Hallam-Baker
- Re: [keyassure] PKIX/KIDNS validation results and… Paul Hoffman
- Re: [keyassure] PKIX/KIDNS validation results and… Tony Finch
- Re: [keyassure] PKIX/KIDNS validation results and… Paul Hoffman
- Re: [keyassure] PKIX/KIDNS validation results and… Ilari Liusvaara
- Re: [keyassure] PKIX/KIDNS validation results and… Tony Finch
- Re: [keyassure] PKIX/KIDNS validation results and… Jeffrey A. Williams
- Re: [keyassure] PKIX/KIDNS validation results and… Jakob Schlyter
- Re: [keyassure] PKIX/KIDNS validation results and Martin Rex
- Re: [keyassure] PKIX/KIDNS validation results and Jakob Schlyter
- Re: [keyassure] PKIX/KIDNS validation results and… Tony Finch
- Re: [keyassure] PKIX/KIDNS validation results and… Olafur Gudmundsson