On Thu, 14 Apr 2016, Viktor Dukhovni wrote:
The web.de domain has just published DANE TLSA records for its MX
hosts. This follows earlier "pilot" deployments with the smaller
mail.com and mail.de domains.
Fine!
I already thought they wouldn't do it. The announcement was in August last
year (German text):
http://www.heise.de/newsticker/meldung/Kehrtwende-bei-Mail-Sicherheit-Web-de-und-GMX-fuehren-DANE-ein-2782473.html
There are 165 "postfix-users" subscriber domains that have MX
records and MX hosts in DNSSEC signed zones. You've done the hard
part of deploying DNSSEC, deploying DANE TLSA for email is
comparatively simple.
One would think so, but: I asked my main domain provider domaindiscount24
which introduced DNSSEC last year when they will offer TLSA, DS and SSHFP
records also. Their answer: Currently the requested features aren't
available and we can make no statement if and when they will be available.
Actually I don't understand this. They did the major task of implementing
DNSSEC and aren't able to offer the 3 most important DNS types to actually
get a benefit from DNSSEC.
Ciao
--
http://www.dstoecker.eu/ (PGP key available)
