On Tue, Apr 13, 2021 at 10:46:24AM +0200, Andrew McConachie wrote: > There’s been too much focus on getting browsers to implement HTTPS/DANE. Or not enough. > These days HTTPS is used for all kinds of stuff that has nothing to do with > the web. Take the Fediverse for example. ActivityPub uses HTTPS for > server-server communication in a manner similar to how MTAs use SMTP. There > are plenty of other examples. Thus there is now a DANISH mailing list, and who knows, we might end up with a BoF and even a WG. > My point is that if people want to see HTTPS/DANE deployments grow they > should start hacking HTTPS/DANE validation into the numerous open source > projects that act as HTTPS clients. Find communities of geeks to act as > early adopters, and simply ignore the politics of large browser vendors as > they’re obviously a lost cause. That's certainly an option. I think OpenSSL and other TLS implementations could have better DANE ergonomics, for sure -- that may be a better place to start. But SMTP has been a very good base for now because the application exists, is widely deployed, greatly benefits from DANE, has significant gubernamental support in Europe, etc.
