On Tue, Jul 29, 2014 at 03:57:24PM +0200, Per Thorsheim wrote:

> I don't know if this list is aware of this project?
>
> https://github.com/EFForg/starttls-everywhere

The EFF folks behind this effort have reached out to me and we've
discussed some of the issues.  I am somewhat ambivalent about this,
as it introduces a non-scalable registry that does fully address
the problem, and perhaps reduces incentives to do it right and
deploy DANE.  On the other hand, DNSSEC adoption by large providers
is a non-trivial effort, and they cannot yet deploy DANE as quickly
as they may be able to sign up for the EFF registry.  So I am not
sure whether this is a step forward or sideways.

> An intermediate effort before DNSSEC and DANE (hopefully) gets seriously
> deployed around the world and various TLDs. EFF will talk about this at
> PasswordsCon next week in Las Vegas, and I'll make references to this
> and DANE TLS in my talk at the DEFCON Crypto & Privacy Village. I'm very
> happy to see that these issues are gaining a lot of attention these days.
> 
> Viktor: Is the IEEE meeting done yet? Any status update for DANE TLS?

I think you mean IETF (not IEEE).  Yes, IETF Toronto is done, and
the SMTP draft is basically ready and has not been changed in many
weeks.  The main hold-up is that the WG chairs wanted to publish
the SMTP and SRV drafts together, but the latter is substantially
less ready.  Perhaps I should ask the chairs to decouple these.

The Toronto meeting was looking at the OPS draft which updates DANE
TLSA in general (not SMTP specific).

The only issue in the SMTP draft that may require final review by
the DANE WG is digest agility.  I'll post a message to the list
this week, now that everyone is back from Toronto, and try to
wrap it up.

In the meantime Patrick Koetter et al. are doing great work in
Germany getting more organizations to deploy DANE.  So far:

        posteo.de       (email provider)
        mailbox.org     (email provider)
        bund.de         (German Parliament)

and more on the way...

-- 
        Viktor.
