nanog mailing list archives

Re: Massive change in Public Cert behaviour coming soon


From: John Levine via NANOG <nanog () lists nanog org>
Date: 18 May 2025 22:03:53 -0400

It appears that Michael Thomas via NANOG <nanog () lists nanog org> said:

> On 5/18/25 4:09 PM, Randy Bush via NANOG wrote:
>> I think that most contemporary MTAs use some form of (weak)
>> authenticated identity.  The most common that I see is reverse DNS
>> with forward DNS confirmation.  A less common form of (client)
>> authentication is username & password.
>>
>> DANE
>
> DKIM, actually.

No, really DANE. If you publish TLSA records for your mail server's
certs, and you screw up and the TLSA doesn't match the cert, mail
clients that do DANE, such as Comcast's, won't send you mail.

That's pretty strong.  MTA-STS does the same thing more kludgily for people who don't like DNSSEC.

R's,
John

PS: You can guess how I learned about that.
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/M4IZ5A3BQOE2J2HOF7U3XFZVR6KZZQ2W/
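The failure mode John describes (a published TLSA record that no longer matches the certificate the MTA serves, so DANE-validating senders refuse to deliver) is easy to catch before it bites: compute the TLSA certificate association data from the deployed certificate and compare it against what is in DNS. The following is an added example, not code from the thread or from any NANOG poster; it implements the RFC 6698 selector/matching-type computation and the RFC 7672 usage rules over DER bytes you supply, and the record names, hostnames and certificate bytes in it are constructed placeholders.

```python
"""Pre-deployment check: do the TLSA records I publish match my MTA's certificate?

Added example (not from the NANOG thread).  Works on raw DER bytes so it needs only
the standard library; in practice cert_der / spki_der come from the certificate
your MTA actually serves on port 25 (e.g. extracted with openssl).
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class TLSARecord:
    usage: int      # RFC 6698 certificate usage; SMTP uses 2 (DANE-TA) or 3 (DANE-EE)
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact match, 1 = SHA-256, 2 = SHA-512
    data: bytes     # certificate association data


def tlsa_owner_name(mx_host: str, port: int = 25) -> str:
    """Owner name of the TLSA RRset for an MX host, e.g. _25._tcp.mail.example.com."""
    return f"_{port}._tcp.{mx_host.rstrip('.')}."


def parse_tlsa(presentation: str) -> TLSARecord:
    """Parse the zone-file presentation form: '<usage> <selector> <mtype> <hex>'."""
    usage, selector, mtype, hexdata = presentation.split(maxsplit=3)
    return TLSARecord(int(usage), int(selector), int(mtype),
                      bytes.fromhex(hexdata.replace(" ", "")))


def association_data(selector: int, mtype: int, cert_der: bytes, spki_der: bytes) -> bytes:
    """Compute the association data a TLSA record would carry for this certificate."""
    if selector == 0:
        selected = cert_der
    elif selector == 1:
        selected = spki_der
    else:
        raise ValueError(f"unknown selector {selector}")
    if mtype == 0:
        return selected
    if mtype == 1:
        return hashlib.sha256(selected).digest()
    if mtype == 2:
        return hashlib.sha512(selected).digest()
    raise ValueError(f"unknown matching type {mtype}")


def make_tlsa(usage: int, selector: int, mtype: int, cert_der: bytes, spki_der: bytes) -> str:
    """Render the record you should publish for this certificate."""
    return f"{usage} {selector} {mtype} {association_data(selector, mtype, cert_der, spki_der).hex()}"


def record_matches(record: TLSARecord, chain: List[Tuple[bytes, bytes]]) -> bool:
    """Does one TLSA record match the served chain (list of (cert_der, spki_der), leaf first)?

    RFC 7672: usage 3 (DANE-EE) is matched against the leaf only; usage 2 (DANE-TA)
    against any certificate in the served chain (the trust anchor must be sent);
    usages 0 and 1 are unusable for SMTP and are simply skipped.
    """
    if record.usage == 3:
        candidates = chain[:1]
    elif record.usage == 2:
        candidates = chain
    else:
        return False
    return any(
        hmac.compare_digest(record.data, association_data(record.selector, record.mtype, c, s))
        for c, s in candidates
    )


def check_deployment(published: List[str], chain: List[Tuple[bytes, bytes]]) -> Dict[str, object]:
    """Report which published records match; 'deliverable' is False if none do,
    which is exactly the state that makes DANE-validating MTAs refuse to send."""
    results = {rr: record_matches(parse_tlsa(rr), chain) for rr in published}
    return {"records": results, "deliverable": any(results.values())}


# --- constructed sample data (NOT real certificates) ---------------------------------
LEAF_CERT = b"constructed-leaf-certificate-der"
LEAF_SPKI = b"abc"                  # constructed; sha256('abc') is a well-known test vector
ISSUER_CERT = b"constructed-issuer-certificate-der"
ISSUER_SPKI = b"constructed-issuer-spki"
CHAIN = [(LEAF_CERT, LEAF_SPKI), (ISSUER_CERT, ISSUER_SPKI)]

if __name__ == "__main__":
    good = make_tlsa(3, 1, 1, LEAF_CERT, LEAF_SPKI)
    stale = "3 1 1 " + hashlib.sha256(b"the-key-we-rotated-away-from").hexdigest()
    print(tlsa_owner_name("mail.example.com"))
    print(check_deployment([good], CHAIN))
    print(check_deployment([stale], CHAIN))   # deliverable: False -> fix DNS before going live
```

Run it after every certificate or key rotation, or wire `check_deployment` into the renewal hook; publishing the new "3 1 1" record alongside the old one until the rollover completes keeps DANE-validating senders delivering throughout. Usage 3 with selector 1 (SPKI) and SHA-256 is the common choice because it survives reissuing the certificate with the same key.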