On Fri, Nov 07, 2014 at 05:55:08PM +0100, Michael Str?der wrote:
> > For the latter see the DANE draft.
>
> Of course you personally prefer DANE. That's understable given all the high
> quality work you put into the I-Ds and implementation.
Cause and effect reversal. I put all the hard work in, because it
is not possible to secure SMTP against active attacks without a
secure DNS. The best we can do with the Web PKI applied to MTA to
MTA SMTP is log success when connections to what we hope is the
right server appear to not be tampered with based on a CA certificate
from a mutually supported CA. The goal with DANE is to do better
than that.
The Melnikov draft applies only to mandatory TLS, such as might be
configured via bilateral agreement between peer organizations with
the "secure" policy in Postfix, which was designed to support that
use-case. The pain of managing such bilateral agreements for a
decade is part of why I ended up doing the DANE work.
The rationale for the DANE work is in:
http://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-13#section-1.3
and subsections. A relatively short read, not burdened with protocol
design minutiae.
--
Viktor.
