Sorry, The link contained a session-ID. Here' the correct one: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03108/TR03108-1.pdf?__blob=publicationFile&v=3
26. August 2016 11:07, "Rene "Renne" Bartsch ([email protected])" <[email protected]> schrieb: > BSI TR-03108-1 Secure E-Mail Transport > Requirements for E-Mail Service Providers (EMSP) > regarding a secure Transport of E-Mails > Version: 1.0 > Date: > 05/12/2016 > https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03108/TR03 > 08-1.pdf;jsessionid=BD19BA2EBEEB22AFE1A8310E1666148E.2_cid286?__blob=publicationFile&v=3 > > defines DANE-SMTP mandatory in section 2.2.1 for all certified german e-mail > providers. > > BSI = Federal Office for Information Security (Germany) > > I suggest to refer to this document to show e-mail providers DANE-SMTP is > already in active use and > even mandatory by governmemnts. > > Best regards, > > Renne > > 26. August 2016 03:36, "Viktor Dukhovni" <[email protected]> schrieb: > >> Many domain hosting providers that also host the email for the >> customer domains. For a bunch of these providers the MX hosts are >> in a DNSSEC-signed zone, and a non-trivial number of customer MX >> RRsets are also in signed zones. Consequently, they can easily >> enable DANE SMTP for all the domains in question, just by publishing >> a small set of TLSA records. >> >> I've reached out to a couple of the providers with the largest >> count of DNSSEC-signed customer domains, but don't have the cycles >> to reach out to the rest. >> >> Therefore, I am posting below a list of the provider domains that >> house MX hosts that would DANE-enable 100+ domains by publishing >> and monitoring appropriate TLSA records. >> >> Any providers that get wind of this posting might find the links >> below useful: >> >> https://www.internetsociety.org/deploy360/blog/2016/03/lets-encrypt-certificates-for-mail-servers-an >> -dane-part-2-of-2 >> https://www.ietf.org/mail-archive/web/uta/current/msg01498.html >> http://tools.ietf.org/html/rfc7672#section-1.3 >> http://tools.ietf.org/html/rfc7671#section-8.1 >> http://tools.ietf.org/html/rfc7671#section-8.4 >> https://dane.sys4.de/common_mistakes >> >> To whit, below my signature is a list of providers that should be >> encouraged to deploy TLSA records having already gone to all the >> trouble of doing the hard part and deploying DNSSEC: >> >> If anyone on this list knows the appropriate technical contacts at >> one or more of these providers, please feel free to reach out and >> give them a gentle nudge in the right direction. Collectively, >> these 58 providers can DANE-enable at least 72 thousand domains. >> >> -- >> Viktor. >> >> protonmail.ch >> 1024degres.com >> gransy.com >> intility.com >> networking4all.com >> procolix.com >> senta.com >> shoptrader.com >> tornado-mail.com >> aerohosting.cz >> banan.cz >> dc3.cz >> globe.cz >> ignum.cz >> onebit.cz >> seolight.cz >> smtp.cz >> webcloud.cz >> hosting.eu >> mail-scanner.eu >> mailplatform.eu >> anonymail.hu >> dns1.hu >> integrity.hu >> microware.hu >> webtar.hu >> servicios-nic.com.mx >> netvibeshosting.net >> networking4all.net >> ubm-us.net >> 2is.nl >> argewebhosting.nl >> atention.nl >> bit.nl >> blackhole.nl >> box.nl >> datacon.nl >> flexfilter.nl >> greenhost.nl >> hostingdiscounter.nl >> hostplan.nl >> iaf.nl >> is.nl >> jouwweb.nl >> mach3builders.nl >> openprovider.nl >> pcextreme.nl >> prolocation.nl >> spamservice.nl >> swathosting.nl >> uvt.nl >> webguru.nl >> domeneshop.no >> fastname.no >> uniweb.no >> entos.se >> paranormal.se >> ine.co.th >> >> _______________________________________________ >> dane mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dane > > _______________________________________________ > dane mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dane _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
