Re: DANE SMTP and OPS drafts now RFCs!

Wed, 14 Oct 2015 21:32:00 -0700 

Congratulations Viktor!

Thorough and insistent work. You've done a great job authoring these
documents.

p@rick




* Viktor Dukhovni <[email protected]>:
> After a 2 and a half year process, the DANE SMTP and DANE OPS drafts
> are now published IETF RFCs:
> 
> https://tools.ietf.org/html/rfc7671
> -----------------------------------
> 
>     The DNS-Based Authentication of Named Entities (DANE) Protocol:
>                     Updates and Operational Guidance
> 
>    This document clarifies and updates the DNS-Based Authentication of
>    Named Entities (DANE) TLSA specification (RFC 6698), based on
>    subsequent implementation experience.  It also contains guidance for
>    implementers, operators, and protocol developers who want to use DANE
>    records.
> 
> https://tools.ietf.org/html/rfc7672
> -----------------------------------
> 
>    SMTP Security via Opportunistic DNS-Based Authentication of Named
>              Entities (DANE) Transport Layer Security (TLS)
> 
>    This memo describes a downgrade-resistant protocol for SMTP transport
>    security between Message Transfer Agents (MTAs), based on the DNS-
>    Based Authentication of Named Entities (DANE) TLSA DNS record.
>    Adoption of this protocol enables an incremental transition of the
>    Internet email backbone to one using encrypted and authenticated
>    Transport Layer Security (TLS).
> 
> It is now time to shift my attention back to implementation in TLS
> libraries.  The community can help by promoting adoption, and making
> sure that your deployment stays valid at all times.  Please pay close
> attention to:
> 
>     https://dane.sys4.de/common_mistakes#3
>     https://dane.sys4.de/common_mistakes#8
>     https://tools.ietf.org/html/rfc7671#section-8.1
>     https://tools.ietf.org/html/rfc7671#section-8.4
>     https://tools.ietf.org/html/rfc7672#section-3.1.1
>     https://tools.ietf.org/html/rfc7672#section-3.1.2
>     https://tools.ietf.org/html/rfc7672#section-3.1.3
> 
> Just in case you overlooked something, please always retest your
> domain's TLSA records after deploying fresh certificates and/or
> private keys.
> 
>     https://dane.sys4.de
> 
> -- 
>       Viktor.

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Reply via email to