Re: [Uta] NEWSFLASH: DANE TLSA records published for web.de!

Daniel Margolis <dmargolis@google.com> Mon, 25 April 2016 08:06 UTC

In-Reply-To: <498F9DF9-6F79-4B2F-BD45-600AA63C9FE3@desh.se>
References: <20160414183856.GL26423@mournblade.imrryr.org> <20160421161734.GO26423@mournblade.imrryr.org> <498F9DF9-6F79-4B2F-BD45-600AA63C9FE3@desh.se>
Date: Mon, 25 Apr 2016 10:06:54 +0200
Message-ID: <CANtKdUdmnKQ1nSXACc58H6d8EhLiahb0eWZHjJ79qKA7Gz3bPg@mail.gmail.com>
From: Daniel Margolis <dmargolis@google.com>
To: Anders Berggren <anders@desh.se>
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/Bh50x2Y3cDtC-2oI4ShboCSt3dQ>
Cc: uta@ietf.org
Subject: Re: [Uta] NEWSFLASH: DANE TLSA records published for web.de!
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Apr 2016 08:06:59 -0000

That's correct. We'd like to do DANE validation on sends, but I can't
guarantee if or when it will happen right now. But it's on our radar.

I agree with Viktor that moving the MXs to a different domain might
mitigate some of the common concerns here. Of course, hosted domains will
still have to be able to host DNSSEC to secure their MX records, but this
is getting a bit more commonplace.

Dan

On Sat, Apr 23, 2016 at 1:39 AM, Anders Berggren <anders@desh.se> wrote:

> > On 21 Apr 2016, at 18:17, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> > While the even larger Gmail, Outlook.com/Hotmail, Yahoo ... are
> > not in the near term in a position to deploy DNSSEC, I expect that
> > doing so is simpler for outlook.com, because this domain does not
> > overlap with major web properties whose scale makes the transition
> > considerably more difficult.  So it would be great to add Microsoft
> > to the above list some time in 2017 (or sooner).
>
> Am I correct in assuming that none of the very big (Gmail, et al) do DANE
> verification when sending email? Given that Google’s public DNS resolvers
> have supported DNSSEC for many years, I think it would make sense for
> Google to start delivering email with DANE, regardless of what they decide
> to do for inbound email.
>
> > DANE for gmail.com is also plausible without impacting all of
> > Google, but requires moving the MX hosts out of the present
> > google.com.
>
> The domain googlemail.com used to be part of the Google Apps MX. Speaking
> of which; it would also make DANE available to the millions of domains[1]
> using Google Apps, as a bonus.
>
> [1] http://research.domaintools.com/statistics/mailservers/
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
>
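The thread touches two things an outbound DANE implementation has to get right: the decision of whether DANE applies at all (which is why the MX RRset of a hosted domain must itself be DNSSEC-signed, as Dan notes), and the matching of a TLSA record against the certificate the MX host presents. The following is an added illustration, not code from this thread, from web.de or from Google. It models the RFC 7672 outbound decision and RFC 6698 TLSA matching over constructed, in-memory DNS answers and stand-in certificate bytes (no network, no real certificates); the names, hashes and the `Answer` type are assumptions made for the example, and the DANE-TA(2) check is simplified as noted in the comments.

```python
"""Added example: outbound SMTP DANE policy (RFC 7672) and TLSA matching (RFC 6698).
All DNS answers and 'certificates' below are constructed stand-ins; nothing is fetched."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Answer:
    """A DNS answer as a validating resolver would report it (assumed shape)."""
    records: list = field(default_factory=list)
    secure: bool = False   # DNSSEC-validated (AD bit set)
    bogus: bool = False    # validation failed; a validating resolver returns SERVFAIL


def parse_tlsa(presentation: str):
    """'3 1 1 <hex>' -> (usage, selector, matching_type, data)."""
    usage, selector, mtype, data = presentation.split(None, 3)
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(data.split()))


def tlsa_usable(rec) -> bool:
    usage, selector, mtype, _ = rec
    # PKIX-TA(0)/PKIX-EE(1) are not usable for SMTP (RFC 7672); records with
    # unknown selector/matching types are skipped, not treated as failures.
    return usage in (2, 3) and selector in (0, 1) and mtype in (0, 1, 2)


def tlsa_matches(rec, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare one record's data against a certificate (selector 0) or its SPKI (selector 1)."""
    _, selector, mtype, data = rec
    subject = cert_der if selector == 0 else spki_der
    if mtype == 1:
        subject = hashlib.sha256(subject).digest()
    elif mtype == 2:
        subject = hashlib.sha512(subject).digest()
    return subject == data


def chain_matches(records, chain) -> bool:
    """chain[0] is the leaf; each element is (cert_der, spki_der).
    DANE-EE(3) must match the leaf. DANE-TA(2) is simplified here to 'matches a
    certificate the server presented'; a real client also verifies that the leaf
    chains to that trust anchor."""
    for rec in records:
        if not tlsa_usable(rec):
            continue
        candidates = chain[:1] if rec[0] == 3 else chain
        if any(tlsa_matches(rec, c, s) for c, s in candidates):
            return True
    return False


def outbound_policy(mx: Answer, tlsa: Answer) -> str:
    """What an RFC 7672 client does for one MX host, given the MX and TLSA answers."""
    if mx.bogus or tlsa.bogus:
        return "defer"                  # never downgrade on a failed validation
    if not mx.secure:
        return "opportunistic"          # unsigned MX RRset: DANE cannot apply at all
    if not tlsa.secure:
        return "opportunistic"          # MX host lives in an unsigned zone
    if any(tlsa_usable(r) for r in tlsa.records):
        return "dane"                   # authenticated TLS required, else do not deliver
    if tlsa.records:
        return "tls-unauthenticated"    # secure but unusable records: TLS required, no auth
    return "opportunistic"              # secure denial of existence


def demo() -> dict:
    """Constructed scenarios; returns the policy/match results for inspection."""
    leaf_cert, leaf_spki = b"constructed-leaf-cert", b"constructed-leaf-spki"
    ta_cert, ta_spki = b"constructed-issuer-cert", b"constructed-issuer-spki"
    chain = [(leaf_cert, leaf_spki), (ta_cert, ta_spki)]
    good = parse_tlsa("3 1 1 " + hashlib.sha256(leaf_spki).hexdigest())
    stale = parse_tlsa("3 1 1 " + hashlib.sha256(b"old-key").hexdigest())
    ta = parse_tlsa("2 0 2 " + hashlib.sha512(ta_cert).hexdigest())
    pkix = parse_tlsa("1 1 1 " + hashlib.sha256(leaf_spki).hexdigest())
    signed_mx = Answer(["mx.example.net"], secure=True)
    unsigned_mx = Answer(["mx.example.net"], secure=False)
    return {
        "dane_ee_match": chain_matches([good], chain),
        "dane_ee_stale": chain_matches([stale], chain),
        "dane_ta_match": chain_matches([ta], chain),
        "pkix_ignored": chain_matches([pkix], chain),
        "signed_mx_with_tlsa": outbound_policy(signed_mx, Answer([good], secure=True)),
        "hosted_unsigned_mx": outbound_policy(unsigned_mx, Answer([good], secure=True)),
        "signed_mx_no_tlsa": outbound_policy(signed_mx, Answer([], secure=True)),
        "signed_mx_only_pkix": outbound_policy(signed_mx, Answer([pkix], secure=True)),
        "bogus_tlsa": outbound_policy(signed_mx, Answer([], bogus=True)),
    }
```

The `hosted_unsigned_mx` scenario is the case Dan and Viktor describe: the provider's MX hosts can publish perfectly good TLSA records, but a customer domain whose own MX RRset is not DNSSEC-signed still gets only opportunistic TLS, because the client cannot tell that those MX names were not substituted.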