zlacker

[parent] [thread] 3 comments
1. philos+(OP)[view] [source] 2022-01-27 21:54:00
Is DANE @tptacek approved of? You say DNSSEC and it triggers my internal alarm bells.
replies(1): >>tptace+GM
2. tptace+GM[view] [source] 2022-01-28 03:14:03
>>philos+(OP)
No, DANE is very bad. But it's a dead-letter standard, so I don't worry about much.
replies(1): >>AndyMc+Vg1
◧◩
3. AndyMc+Vg1[view] [source] [discussion] 2022-01-28 08:44:25
>>tptace+GM
You think no one is deploying DANE for SMTP?

https://stats.dnssec-tools.org/images/domains.svg

It's deployed on many more domains than MTA-STS.

replies(1): >>tptace+we2
◧◩◪
4. tptace+we2[view] [source] [discussion] 2022-01-28 15:35:11
>>AndyMc+Vg1
Of course it is. There are only a couple of email providers that actually matter, but out in the long tail of domains that might never receive a single non-spam email, there are plenty that are auto-signed by registrars. It's telling that's the best evidence you have, and not, like, "Google Mail uses DANE".
[go to top]