Re: UTA: Server certificate management (Re: Last Call: <draft-ietf-uta-email-tls-certs-05.txt>)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So it seems to me that even Harald's list of cases in which this
approach won't work and isn't applicable should be longer and
even more qualified.  Put differently, while the numbers may be
large, it appears in practice that this approach is (even
potentially) applicable to a very small number of types of cases
and configurations and that the document should be very clear
about that, characterizing those cases in as much detail as
possible.

I think the problem that we're trying to address here is setting up a MUA and wanting to ensure that it's talking to the correct SUBMIT, POP, and IMAP servers. You're right that there's all sorts of private networks with mysterious naming, but every smartphone has an MUA that usually does SUBMIT and IMAP, so it would be nice if the phone's MUA could reliably configure itself with minimal help from the user.

Verifying SMTP servers seems like a much easier problem -- the MX records are signed with DNSSEC, and the SMTP server presents a certificate with the right name, either signed by a mutually satisfactory CA or verified by DNSSEC signed TLSA.

R's,
John




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]