DANE of SMTP Survey
Mark Andrews
marka at isc.org
Thu Jun 3 14:06:51 UTC 2021
DANE works with self-generated CERTs. The TLSA record provides the cryptographic link back to the DNSSEC root.
--
Mark Andrews
> On 3 Jun 2021, at 22:32, babydr DBA James W. Laferriere <babydr at baby-dragons.com> wrote:
>
> Hello Mark ,
>
>> On Wed, 2 Jun 2021, Mark Tinka wrote:
>>> On 6/2/21 11:07, Jeroen Massar via NANOG wrote:
>>>
>>> As for solutions: better education, more improvements to the tools & making it easier. CDS records already help a lot. But we might also need to improve recovery mechanisms, as f-ups are made, and you don't want to be off this Internet thing for too long.
>>
>> I think DNSSEC implementation needs to be made less scary for folk who are apprehensive, and broken down into two steps, where step 1 is most emphasized:
>>
>> * Enable DNSSEC on your resolvers. Does not require you to sign your
>> zones. Does not require you to read up on what it takes to sign and
>> maintain your zones. Does not require you to worry and test for the
>> next 60 days whether DNSSEC will break your e-mail delivery, etc.:
>>
>> dnssec-enable yes;
>> dnssec-validation auto;
>>
>> Done! Two lines (BIND, in this case), and off you go.
>
> Will this handle the case of self-signed only ?
> And as Jeroen Massar mentioned the resignation of a certificate is a tad troublesome for both DNSSEC & DANE .
>
>> * Step 2 - take your time cluing up on getting your zone signed, and
>> being part of the solution toward a more secure Internet. No
>> pressure, at your pace.
>
> Again , Will this handle the case of self-signed only ?
>
>> Mark.
> Tia , JimL
> --
> +---------------------------------------------------------------------+
> | James W. Laferriere | System Techniques | Give me VMS |
> | Network & System Engineer | 3237 Holden Road | Give me Linux |
> | jiml at system-techniques.com | Fairbanks, AK. 99709 | only on AXP |
> +---------------------------------------------------------------------+
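
Added example, not part of the original thread or of any project's code: how a "3 1 1" (DANE-EE, SPKI, SHA-256) TLSA record ties a self-generated certificate to DNS, so that matching depends only on the key bytes and never on a CA chain. The helper names, the host mail.example.com and the certificate-shaped DER skeleton are constructed for illustration.

```python
import hashlib

def der(tag, body):
    """Short-form DER TLV; enough for the small constructed sample below."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, body_start, end) of the DER TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                        # short-form length
        return tag, pos + 2, pos + 2 + first
    nlen = first & 0x7F                     # long form: next nlen bytes hold the length
    length = int.from_bytes(buf[pos + 2:pos + 2 + nlen], "big")
    return tag, pos + 2 + nlen, pos + 2 + nlen + length

def spki_of(cert):
    """Slice SubjectPublicKeyInfo (header included) out of a DER certificate."""
    _, pos, _ = read_tlv(cert, 0)           # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert, pos)   # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    pos = end if tag == 0xA0 else pos       # skip optional [0] version
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    tag, _, end = read_tlv(cert, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("malformed certificate")
    return cert[pos:end]

def tlsa_rdata(cert, selector=1, mtype=1):
    """Certificate association data: selector 0=full cert, 1=SPKI; mtype 0/1/2."""
    data = cert if selector == 0 else spki_of(cert)
    if mtype == 0:
        return data
    return hashlib.new({1: "sha256", 2: "sha512"}[mtype], data).digest()

def dane_ee_match(cert, selector, mtype, assoc):
    """Usage 3 (DANE-EE): compare the server's own cert to the TLSA data only."""
    return tlsa_rdata(cert, selector, mtype) == assoc

def tlsa_record(cert, host="mail.example.com", port=25):
    """Zone-file line to publish for an SMTP server (placeholder host)."""
    return f"_{port}._tcp.{host}. IN TLSA 3 1 1 {tlsa_rdata(cert).hex()}"

def sample_cert(key_bytes):
    """Constructed certificate-shaped DER skeleton (not a real, signed cert)."""
    name = der(0x30, b"")
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key_bytes))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + der(0x30, b"") + name + der(0x30, b"") + name + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))
```

The chain of trust then runs from the published TLSA record through the zone's DNSSEC signatures to the root, which is why the resolver-side validation quoted above matters to the sending MTA.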