Viktor Dukhovni:
> On Fri, Apr 17, 2020 at 06:46:27PM -0400, Wietse Venema wrote:
> 
> > 1) Infrastructure mail server. DNS configuration is not supposed
> > to change. People who care about TLSA/DANE will provision a secure
> > and stable DNS resolver.
> > 
> > 2) Personal laptop, roaming between trusted and untrusted networks.
> > People who care about their email won't send directly to arbitrary
> > remote destinations. Instead they will relay through a trusted
> > infrastructure server (see above), and not rely on TLSA/DANE.
> > 
> > 3) ???
> > 
> > What use cases did you have in mind?
> 
> Mostly case 1), but for a fresh install where out of the box default
> installation gets you "smtp_tls_security_level = none".  You configure
> a stable local resolver, but then also need to configure multiple
> Postfix settings to get what could be a default setting:
> 
>     smtp_dns_support_level = dnssec
>     smtp_tls_security_level = dane
> 
> We should probably walk before we run and go with a default of:
> 
>     smtp_tls_security_level = may
> 
> but eventually, we could select the default in a more nuanced manner.
> This assumes that turning on DANE is by then a common practice and that
> DANE is applicable to a more substantial fraction of Internet email.

I don't like magical defaults.

I like settings that will explain why they don't work. That will
guide the operator in use case 1) towards successful deployment.
Magic that moves things behind the scenes does not, it just hides
critical information.

        Wietse
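The two settings quoted above (`smtp_dns_support_level = dnssec` and `smtp_tls_security_level = dane`) only take effect together, and only when Postfix talks to a DNSSEC-validating resolver it can trust. As an added example that is not part of this thread and not Postfix's own code, the script below reads a main.cf and a resolv.conf and explains, in the spirit of "settings that explain why they don't work", which precondition for DANE is missing. It assumes the plain `name = value` form of main.cf (no continuation lines), treats a loopback nameserver as the stand-in for a "secure and stable" local resolver, and takes both file paths as arguments; the sample files it builds at the end are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check a Postfix main.cf and resolv.conf for the
# preconditions of opportunistic DANE and report why it would not work.

# get_param MAIN_CF NAME: print the value of a main.cf parameter
# (last assignment wins); prints nothing when the parameter is unset.
get_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# check_dane_config MAIN_CF RESOLV_CONF: print findings, return 0 when
# all DANE preconditions hold and 1 otherwise.
check_dane_config() {
    main_cf=$1
    resolv=$2
    ok=0

    level=$(get_param "$main_cf" smtp_tls_security_level)
    dns=$(get_param "$main_cf" smtp_dns_support_level)
    # first nameserver line; this is the resolver Postfix will actually use
    ns=$(awk '/^[ \t]*nameserver/ { print $2; exit }' "$resolv")

    # Postfix defaults: security level "none", DNS support level "enabled"
    [ -z "$level" ] && level=none
    [ -z "$dns" ] && dns=enabled

    case "$level" in
        dane|dane-only) ;;
        *) echo "smtp_tls_security_level = $level: DANE is not enabled"; ok=1 ;;
    esac

    if [ "$dns" != dnssec ]; then
        echo "smtp_dns_support_level = $dns: must be 'dnssec' for DANE (TLSA lookups need the AD bit)"
        ok=1
    fi

    case "$ns" in
        127.*|::1) ;;
        "") echo "no nameserver in $resolv: TLSA records cannot be looked up"; ok=1 ;;
        *) echo "nameserver $ns is not on loopback: AD bit from a remote resolver is not trustworthy"; ok=1 ;;
    esac

    [ "$ok" -eq 0 ] && echo "DANE preconditions satisfied"
    return "$ok"
}

# Demonstration with constructed files: a fresh-install main.cf has no
# TLS lines at all, the second one carries the two settings from the thread.
demo_dir=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$demo_dir/resolv.conf"
: > "$demo_dir/fresh.cf"
printf 'smtp_dns_support_level = dnssec\nsmtp_tls_security_level = dane\n' > "$demo_dir/dane.cf"
echo "--- fresh install:"
check_dane_config "$demo_dir/fresh.cf" "$demo_dir/resolv.conf" || true
echo "--- DANE configured:"
check_dane_config "$demo_dir/dane.cf" "$demo_dir/resolv.conf"
rm -rf "$demo_dir"
```

On a real host, run `check_dane_config /etc/postfix/main.cf /etc/resolv.conf` after sourcing the file; a non-zero exit with a printed reason is the point, since each message names the single setting that still stands between the operator and a working DANE deployment.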
