[exim] DANE with Exim

Top Page
Delete this message
Reply to this message
Author: Mark Elkins
Date:  
To: exim-users
Subject: [exim] DANE with Exim
Just attended ICANN-47 Durban. In the DNSSEC workshop, DANE was
discussed, along with using DANE with SMTP.

http://durban47.icann.org/meetings/durban2013/presentation-dnssec-dane-smtp-17jul13-en.pdf

So as I understand this, if there is an appropriate TLSA record (all
nice and DNSSEC secure) for an SMTP server, one could then "encourage"
the use of TLS connections to that server??? Maybe the destination
server looks back to see who is talking to it, also does a check for a
TLSA record and can therefore conclude "Hey... I see we both do TLS, so
I'll only accept TLS from you"...

I heard that some other popular MTA's are already developing support for
TLSA records. Just wondering if Exim development is going there too.
-- 
  .  .     ___. .__      Posix Systems - (South) Africa
 /| /|       / /__       mje@???  -  Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496