John, I'm OK with sections 4.1 and 6 from your I-D, provided that MUAs that implement either MUST implement both. This leaves the choice to mail domains, and it addresses the scalability issues discussed.
I would add that the URI RRs for section 6 should be signed, that clients must validate them with DNSSEC, that the URIs must be HTTPS URIs, and that the authority of each such URI SHOULD (MUST?) have TLSA RRs.

Nico
