But I am right. DNSSEC doesn't actually work and it does cause outages. Don't use it. Get out of here with this righteous nonsense!
... but that's not where the users are. It can still be trivially spoofed between the mail server and the user, and it can often still be forged with a bit of effort even to the SMTP server.
-
-
DANE is being used today to secure traffic between (some) SMTP MTAs. DNSSEC is not used between the user and the MSA or IMAP server. That's where WebPKI is used at present. Both are presently well suited to their respective roles. I am not hating your use-case, stop hating mine
-
DNSSEC isn't suited to its role. It doesn't actually work, and it causes outages. Of course I hate that. There's no room for "agree to disagree"; "secure" as a verb doesn't apply to something that uses SHA1.
- 8 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.