On Fri, Nov 07, 2014 at 05:55:08PM +0100, Michael Ströder wrote:

> > For the latter see the DANE draft.
>
> Of course you personally prefer DANE. That's understandable given all the high
> quality work you put into the I-Ds and implementation.
Cause and effect reversal. I put all the hard work in, because it is not
possible to secure SMTP against active attacks without a secure DNS. The
best we can do with the Web PKI applied to MTA to MTA SMTP is log success
when connections to what we hope is the right server appear to not be
tampered with based on a CA certificate from a mutually supported CA. The
goal with DANE is to do better than that.

The Melnikov draft applies only to mandatory TLS, such as might be
configured via bilateral agreement between peer organizations with the
"secure" policy in Postfix, which was designed to support that use-case.
The pain of managing such bilateral agreements for a decade is part of why
I ended up doing the DANE work.

The rationale for the DANE work is in:

    http://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-13#section-1.3

and subsections. A relatively short read, not burdened with protocol design
minutiae.

-- 
	Viktor.
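For readers who want to see the two policies the message contrasts side by side, here is an added configuration example. It is not part of the original thread and not taken from the Postfix documentation; the domain `partner.example`, the MX hostname `mx.partner.example`, the map path and the CA bundle path are assumed for illustration. The default security level is `dane` (opportunistic DANE, which falls back to unauthenticated TLS when the peer publishes no usable TLSA records under DNSSEC), and a single `secure` entry in the policy map is the kind of bilaterally agreed, CA-verified mandatory TLS that the "secure" policy was designed for.

```conf
# /etc/postfix/main.cf (excerpt; added example, not from the original message)

# Default outbound policy: opportunistic DANE. Requires a DNSSEC-validating
# resolver on the local host; without dnssec support the dane level is
# effectively downgraded to opportunistic "may".
smtp_tls_security_level = dane
smtp_dns_support_level  = dnssec

# Per-destination overrides, e.g. bilateral agreements that predate DANE.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# CA bundle used only by the "secure"/"verify" levels below; DANE does not
# consult it (assumed path).
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Log one line per TLS handshake so success/failure is visible in the mail log.
smtp_tls_loglevel = 1
```

```conf
# /etc/postfix/tls_policy (added example; hostnames are assumed)
#
# Bilateral agreement with one peer: mandatory TLS, chain verified against
# smtp_tls_CAfile, and the server certificate must match one of the names in
# the match= list (an exact host or a ".domain" suffix). Every time the peer
# renames its MX or changes CA this entry has to be renegotiated by hand,
# which is the maintenance burden the message describes.
partner.example   secure match=mx.partner.example:.partner.example

# A destination that must never fall back to unauthenticated delivery when
# its TLSA records are missing or unusable (Postfix 2.11+).
bank.example      dane-only
```

After editing the policy file run `postmap /etc/postfix/tls_policy` and reload Postfix. With this setup mail to `partner.example` is deferred rather than delivered if the CA-based verification fails, whereas mail to an arbitrary domain is authenticated only when that domain publishes DNSSEC-signed TLSA records, which is the distinction between the mandatory-TLS case the Melnikov draft addresses and the opportunistic case DANE is meant to improve.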