> On Mar 21, 2016, at 4:04 PM, Michael Storz <michael.st...@lrz.de> wrote:
>
> I do not think the big ISPs will implement DANE in the foreseeable future as
> you can see from the authors of this draft. They will implement STS, an SMTP
> variant of HSTS with a flavor of DMARC. And a variant of HPKP (certificate
> pinning) will follow very fast. And the big providers will use an STS preload
> list to circumvent TOFU for their mail servers. I do not hope they will use a
> variant of IMPT (https://tools.ietf.org/html/draft-laber-smtp-impt-00) which
> is now used by the big German ISPs with their "E-Mail made in Germany (EmiG)".
>
> Therefore the only thing we can do is to see that STS will smoothly work with
> installations of DANE.

While it is difficult for them to sign their own zones, it would not nearly be quite that difficult to deploy validating resolvers and implement the client role of DANE. Zealous objections aside, I expect a few of them will in time support client-side DANE, and some have or will publish DANE TLSA RRs.

--
Viktor.