On Jul 10, 2014, at 1:53 AM, Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote:

> On Thu, Jul 10, 2014 at 08:29:49AM +0100, Dave Cridland wrote:
>
>> On 10 July 2014 02:45, Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
>>
>>> So how can it be impractical to do something that has already been routing
>>> for over a decade?
>>
>> Also, XMPP has almost the exact same set of problems as (MTA/MTA) SMTP, and
>> seems to have deployed TLS with PKIX auth just fine
>
> This is a dramatic over-simplification.
>
>> and the deployed
>> network is shifting with some pace toward this being mandatory.
>
> TLS yes, PKIX authentication, not so much, and only provides security
> when the XMPP server can obtain certificates for the target domain
> (not the SRV host). With SMTP third-party MX hosting is rather common,
> and makes the latter substantially more difficult.

It seems POSH (*) could be applied to SMTP?

(*) http://tools.ietf.org/html/draft-ietf-xmpp-posh

-d

>
>> The only additional issue for SMTP is that you'd need SNI, but that's not
>> terribly onerous these days.
>
> This is also a dramatic over-simplification. SNI support is easy,
> cross-domain key management is not, and other barriers remain.
> Since this is a distraction, I will not debate it further point by
> point.
>
> --
> Viktor.
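The point Viktor makes about hosted MX (a certificate that names the MX host, obtained from an unauthenticated DNS lookup, does not authenticate the recipient domain) can be shown with a small name-matching check. This is an added illustration, not code from anyone in the thread; the domains and SAN lists are constructed, and the matching rule is the usual RFC 6125 DNS-ID comparison with a single left-most wildcard label.

```python
"""Added example: which reference identifier does an SMTP peer's certificate
actually cover? All host names below are constructed for illustration."""


def name_matches(pattern: str, name: str) -> bool:
    """RFC 6125-style DNS-ID match: case-insensitive; a wildcard is allowed
    only as the entire left-most label and never matches the bare domain."""
    pattern, name = pattern.lower().rstrip("."), name.lower().rstrip(".")
    if pattern.startswith("*."):
        labels = name.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]
    return pattern == name


def covered_names(cert_sans, candidates):
    """Return the candidate identifiers that some SAN in the cert matches."""
    return [c for c in candidates if any(name_matches(s, c) for s in cert_sans)]


def pkix_outcome(cert_sans, recipient_domain, mx_host):
    """Classify what a PKIX check of the MX's certificate proves.

    'target-domain': the cert names the recipient domain itself, the only
        identifier the sender knows without trusting DNS.
    'mx-host-only':  the cert names only the MX host; since the MX record was
        read from unsigned DNS, this is no stronger than that lookup.
    'none':          the cert names neither.
    """
    names = covered_names(cert_sans, [recipient_domain, mx_host])
    if recipient_domain in names:
        return "target-domain"
    if mx_host in names:
        return "mx-host-only"
    return "none"


# Constructed scenario: example.org outsources mail to mailhost.example.
# The provider's certificate names the provider's hosts, not the tenant.
RECIPIENT = "example.org"
HOSTED_MX = "mx1.mailhost.example"
PROVIDER_CERT_SANS = ["mx1.mailhost.example", "*.mailhost.example"]

# For the check to pass, the provider would have to hold a cert (or SAN)
# for every hosted domain and select it by SNI: the "cross-domain key
# management" problem, not the SNI mechanics.
TENANT_AWARE_CERT_SANS = ["mx1.mailhost.example", "example.org"]

if __name__ == "__main__":
    print(pkix_outcome(PROVIDER_CERT_SANS, RECIPIENT, HOSTED_MX))      # mx-host-only
    print(pkix_outcome(TENANT_AWARE_CERT_SANS, RECIPIENT, HOSTED_MX))  # target-domain
```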