> On 27 Feb 2015, at 08:58, Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote:
>
>> One then open an SMTP connection to mail.frobbit.se, and can use TLS where
>> the cert is compared to mail.frobbit.se.
>
> Except that this is not done in MTAs written by people with clue,
> and is known to be insecure ("going through the motions").
>
>> To me that is a change of a domain name given data in DNS.
>
> That's the naive model, but it is wrong.
Ok, trust me, I know how SMTP and mail works :-)
So the difference for MX is that the MX model using TLS is wrong.
Then SRV, can you explain that?
http://example.com/
Lookup of SRV for _web._tcp.example.com
Get back for example 8080 example.net
http://example.net:8080/
What I am trying to understand is the _difference_ between URI and MX/SRV which was what Sam said there was.
Patrik
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail