On Wed, 9 Nov 2016, John Levine wrote:
If you do publish it, I'd suggest much stronger language in the first sentence of section 9 on security considerations. The security model for S/MIME certs has always been that the trust flows from the CA to the user without involving the user's mail operator. Now the domain is the trust source for all of its users. Sometimes that's reasonable, sometimes not, and there's no way you can tell without knowing information about the domain that's not in the DNS.
The document states:

   Given that the DNS administrator for a domain name is authorized to give identifying information about the zone, it makes sense to allow that administrator to also make an authoritative binding between email messages purporting to come from the domain name and a certificate that might be used by someone authorized to send mail from those servers.

If you use gmail.com, you are at the mercy of Google - whether encrypted or not. Those users have already given control away to Google. This document is not the right place to warn them about that.

Paul
