Come back when local DNSSEC validation is a thing. It's not a thing. I doubt it will ever be a thing. In the meantime: DNSSEC doesn't work, and does cause outages. Major browsers are turning on mandatory CT for everything. That's strong protection for everyone.
It's end to end in neither case. Users aren't resolver caches or SMTP servers. This is "Well I locked the side door, so if the attacker goes there, we're good. Never mind the open front door" 'security'.
Oh, also the lock is cheap plastic in this metaphor.
DANE is used to authenticate TLS connections that encrypt email transport between domains. DNSSEC secures the TLSA RRs end-to-end from target to sender domain. E2E email encryption is unusable, but hop-by-hop TLS is effective against bulk surveillance. No plastic.
DANE is protecting traffic between mail servers doing local validation. This protects relaying of email sent by users. You're familiar with this use case, but that does not mean it does not exist. Solipsism works only for one person at a time.