Sometimes there's so much beauty in the world, I feel like I can't take it, and my heart is just going to cave in. https://ianix.com/pub/dnssec-outages/20190321-www.cloudflare.com/ …
Replying to @tqbf
Playing the devil’s advocate here, but what that page shows is that like anything else, DNSSEC requires operational work. Broken/expired TLS certificates are everywhere, yet we don’t blame TLS.
the DNSSEC outages we see demonstrate that the largest companies (for many of whom this is supposedly an area of expertise) can't handle said operational work. so what hope do other companies have?
and when you weigh up the risks and benefits, TLS deployment is far more lucrative than DNSSEC
Replying to @saleemrash1d @tqbf
And to get back to the original topic, is MTA-STS any better? Do the benefits outweigh the risk of failure?
Replying to @jedisct1 @saleemrash1d
What’s the failure risk you see here? To fail in a way that made things worse than the status quo ante, wouldn’t an MTA have to start using TLS, and then suddenly decide to stop doing that and just use plaintext SMTP?
As I just said. We’ll be in a world where a MySQL failure, or upgrading WordPress, may cause emails from Gmail to not be delivered any more, because it will have silently changed a rule affecting the `.well-known/blahblah` file.
Replying to @jedisct1 @saleemrash1d
Is there a scenario where that can happen if you speak TLS SMTP?