Am 29.07.2014 um 16:14 schrieb Viktor Dukhovni: > On Tue, Jul 29, 2014 at 03:57:24PM +0200, Per Thorsheim wrote: > >> I don't know if this list is aware of this project? >> >> https://github.com/EFForg/starttls-everywhere > > The EFF folks behind this effort have reached out to me and we've > discussed some of the issues. I am somewhat ambivalent about this, > as it introduces a non-scalable registry that does fully address > the problem, and perhaps reduces incentives to do it right and > deploy DANE. On the other hand, DNSSEC adoption by large providers > is a non-trivial effort, and they cannot yet deploy DANE as quickly > as they may be able to sign up for the EFF registry. So I am not > sure whether this is a step forward or sideways.
Hi Viktor, perhaps silly question, i sometimes asked myself why not use something like advanced SPF with i.e IN SPF "v=spf1 mx ip4:1.2.3.4/24 TLSPOLICY:require-valid-certificate -all" etc as tmp solution > >> An intermediate effort before DNSSEC and DANE (hopefully) gets seriously >> deployed around the world and various TLDs. EFF will talk about this at >> PasswordsCon next week in Las Vegas, and I'll make references to this >> and DANE TLS in my talk at the DEFCON Crypto & Privacy Village. I'm very >> happy to see that these issues are gaining a lot of attention these days. >> >> Viktor: Is the IEEE meeting done yet? Any status update for DANE TLS? > > I think you mean IETF (not IEEE). Yes IETF Toronto is done, and > the SMTP draft is basically ready and has not been changed in many > weeks. The main hold-up is that the WG chairs wanted to publish > the SMTP and SRV drafts together, but the latter is substantially > less ready. Perhaps I should ask the chairs to decouple these. > > The Toronto meeting was looking at the OPS draft which updates DANE > TLSA in general (not SMTP specific). > > The only issue in the SMTP draft that may require final review by > the DANE WG is digest agility, I'll post a message to the list > this week, now that everyone is back from Toronto, and try to > wrap it up. > > In the mean-time Patrick Koetter et. al. are doing great work in > Germany getting more organizations to deploy DANE. So far: > > posteo.de (email provider) > mailbox.org (email provider) > bund.de (German Parliament) > > and more on the way... > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
