On Fri, Aug 15, 2014 at 05:06:45PM -0400, Paul Wouters wrote:

> >Opportunistic DANE TLS for SMTP is security
>
> Some disagree about the use of the term opportunistic in this case.
> If an SMTP client supports DANE, and is contacting an SMTP server
> supporting DANE, there is nothing opportunistic about it. It MUST use
> encryption and MUST NOT fall back to cleartext.

This myopically focuses on a single interaction of the protocol.
When an SMTP client supports DANE, it applies DANE security when
TLSA RRs are present, and not when they are absent. The use of DANE
is opportunistic. Thus the clumsy phrase "opportunistically employed"
in the current draft.

If anyone can suggest better language, please send a patch for the XML:

    git clone https://github.com/vdukhovni/saag.git

--
Viktor.