On Sat, Aug 23, 2014 at 09:33:27PM +0100, Stephen Farrell wrote:

> However, say we're wrong and someone who thinks OS is a waste
> of time is actually correct, what would such a person recommend
> that we do as well as, or instead of, OS?

For the record I started work on "opportunistic DANE TLS", in March 2013, well before PM became a major concern. It was designed as a way to scalably enable authentication in SMTP, by making that opportunistic (enabled peer by peer as DANE TLSA RRs are deployed).

So I see OS as a strategy to incrementally broaden both the use of encryption AND the use of authentication.

Whether protocols other than MTA-to-MTA SMTP can implement OS *with* authentication remains to be seen. I hope that will prove possible over time. For mobile device applications, we may have to wait for the DNSSEC "last mile problem" to be largely addressed before significant progress in that direction can be made.

--
Viktor.