On May 20, 2013, at 7:09 AM, Viktor Dukhovni <[email protected]> wrote:
> This proposed protocol supports opportunistic TLS with DANE > authentication resistant to MITM downgrade attacks. This seems like really important work. Lots of people turn on STARTTLS in SMTP with no actual certificate verification because the want better than nothing security but don't want the operational overhead of actually rejecting bad TLS. It seems like this proposal actually gets them better protection with the same lack of overhead if they don't want to reject. It also gives those who want to reject bad TLS a better basis to do so. --Paul Hoffman _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
