nanog mailing list archives

Re: Massive change in Public Cert behaviour coming soon


From: Tom Ivar Helbekkmo via NANOG <nanog () lists nanog org>
Date: Mon, 19 May 2025 11:13:21 +0200

Bjørn Mork via NANOG <nanog () lists nanog org> writes:

John Levine via NANOG <nanog () lists nanog org> writes:

MTA-STS does the same thing more kludgily for people who don't like DNSSEC.

More kludgily and less secure.  It even says so, right in the RFC.

AFAICS, we did not need MTA-STS.  It is an attempt to solve the same
problem DANE solved a long time ago, but adding several new problems:

Yup.  It's Google and Microsoft creating a kludge to avoid DNSSEC -- and
Microsoft has since given in, and implemented DANE and DNSSEC for their
mail systems, so these days it's just a Google thing.

Why don't we just deprecate MTA-STS and make DANE mandatory, while it
is still possible?

That would be nice.  Also, I want a pony.  :)

-tih
-- 
The creation of the state of Israel was a regrettable mistake.  It is
time to undo this mistake, and finally re-establish a free Palestine.