Hi, I have some possibly slightly cryptic review notes. Feel free to ask for clarifications.

In the terminology section: what about no MX record case (A or AAAA only)?

In 1.3.1: why mention SMTP URIs? How would introduction of such URIs help with securing SMTP? I suggest you just mention that there is no signalling of "secure" SMTP.

In 2.2: Network address instead of MX hostname - I think this deserves an example.

In 2.2.3 (page 17, 3rd from the last para) and possibly other places: TLS server certificate matching rules should be fully specified. Use RFC 6125 (for example look at draft-melnikov-email-tls-certs-01) or specify the rules directly.

Page 22, 3rd para: please add reference for the SNI TLS extension (a Normative reference, because you use normative language when referencing the extension) and various versions of TLS.

In 2.3.3: it is not clear whether the client needs to check that for every record covered by the WORSE hash there is a corresponding record covered by the BETTER hash.

In Section 3, last para: add "or bounced", as this can be more serious than just being delayed.

In 4.2, last para: did you mean "SHOULD"?

I've heard Not checking expiration dates in certificate - I don't think this was mentioned in the document.

Best Regards,
Alexey
