Re: SMTP+TLS to MXs, was Re: Comments on Draft IRTF ASRG DNSBL - 07

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 14 Nov 2008, Mark Andrews wrote:
In message <alpine.LSU.2.00.0811131135530.14367@xxxxxxxxxxxxxxxxxxxxxx>, Tony F inch writes:
You also need the server to provide a verifiable TLS certificate. The vast majority of them are not. This problem is perhaps even harder to fix than the lack of DNSSEC.

	Just use DNSSEC and CERT records to do that.
...>
	If self signed, look in the DNS for the CERT.  Accept if
	signed and validated by DNSSEC.

How does an application do "accept if signed and validated by DNSSEC"?

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]