Just attended ICANN-47 Durban. In the DNSSEC workshop, DANE was
discussed, along with using DANE with SMTP.
http://durban47.icann.org/meetings/durban2013/presentation-dnssec-dane-smtp-17jul13-en.pdf
So as I understand this, if there is an appropriate TLSA record (all
nice and DNSSEC secure) for an SMTP server, one could then "encourage"
the use of TLS connections to that server??? Maybe the destination
server looks back to see who is talking to it, also does a check for a
TLSA record and can therefore conclude "Hey... I see we both do TLS, so
I'll only accept TLS from you"...
I heard that some other popular MTAs are already developing support for
TLSA records. Just wondering if Exim development is going there too.
--
. . ___. .__ Posix Systems - (South) Africa
/| /| / /__ mje@??? - Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496