DANE of SMTP Survey
babydr DBA James W. Laferriere
babydr at baby-dragons.com
Thu Jun 3 21:41:29 UTC 2021
Hello Mr. Tinka & Mr. Andrews , Please see below .
On Thu, 3 Jun 2021, Mark Tinka wrote:
> On 6/3/21 00:25, babydr DBA James W. Laferriere wrote:
The Below is to keep thread of thought accurate ...
>> On Wed, 2 Jun 2021, Mark Tinka wrote:
>>> * Step 2 - take your time cluing up on getting your zone signed, and
>>> being part of the solution toward a more secure Internet. No
>>> pressure, at your pace.
>>
>> Again , Will this handle the case of self-signed only ?
>
> Not sure I understand your question, in both cases of recursion and
> authoritative.
The Signing of the 'Zone' , Can the 'Zone' be signed by a self-signed
key ? Or MUST I (and others) rely on a external certificate authority ?
Mind you I notice in rfc6487 (note(s)) about self-signed certificates .
So Maybe I am being a bit over worried about having to spend more money
just to keep my 2 ip-ranges routing in light of the RPKI initative(s) .
Which Mr. Andrews response below answers quite succinctly ,
On Thu, 3 Jun 2021, Mark Andrews wrote:
> DANE works with self generated CERTs. The TLSA record provides the
> cryptographic link back to the DNSSEC root.
Thank You Mr. Andrews , Muchly . Is what I was hoping for .
Thank You Both . JimL
--
+---------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network & System Engineer | 3237 Holden Road | Give me Linux |
| jiml at system-techniques.com | Fairbanks, AK. 99709 | only on AXP |
+---------------------------------------------------------------------+
More information about the NANOG
mailing list