Loading ...
Sorry, an error occurred while loading the content.

301294Re: EFF STARTTLS Everywhere project

Expand Messages
  • Patrick Ben Koetter
    Jul 29, 2014
    • 0 Attachment
      * Patrick Ben Koetter <postfix-users@...>:
      > * Viktor Dukhovni <postfix-users@...>:
      > > On Tue, Jul 29, 2014 at 03:57:24PM +0200, Per Thorsheim wrote:
      > >
      > > > I don't know if this list is aware of this project?
      > > >
      > > > https://github.com/EFForg/starttls-everywhere
      > >
      > > The EFF folks behind this effort have reached out to me and we've
      > > discussed some of the issues. I am somewhat ambivalent about this,
      > > as it introduces a non-scalable registry that does fully address
      > > the problem, and perhaps reduces incentives to do it right and
      > > deploy DANE. On the other hand, DNSSEC adoption by large providers
      > > is a non-trivial effort, and they cannot yet deploy DANE as quickly
      > > as they may be able to sign up for the EFF registry. So I am not
      > > sure whether this is a step forward or sideways.
      > >
      > > > An intermediate effort before DNSSEC and DANE (hopefully) gets seriously
      > > > deployed around the world and various TLDs. EFF will talk about this at
      > > > PasswordsCon next week in Las Vegas, and I'll make references to this
      > > > and DANE TLS in my talk at the DEFCON Crypto & Privacy Village. I'm very
      > > > happy to see that these issues are gaining a lot of attention these days.
      > > >
      > > > Viktor: Is the IEEE meeting done yet? Any status update for DANE TLS?
      > >
      > > I think you mean IETF (not IEEE). Yes IETF Toronto is done, and
      > > the SMTP draft is basically ready and has not been changed in many
      > > weeks. The main hold-up is that the WG chairs wanted to publish
      > > the SMTP and SRV drafts together, but the latter is substantially
      > > less ready. Perhaps I should ask the chairs to decouple these.
      > >
      > > The Toronto meeting was looking at the OPS draft which updates DANE
      > > TLSA in general (not SMTP specific).
      > >
      > > The only issue in the SMTP draft that may require final review by
      > > the DANE WG is digest agility, I'll post a message to the list
      > > this week, now that everyone is back from Toronto, and try to
      > > wrap it up.
      > >
      > > In the mean-time Patrick Koetter et. al. are doing great work in
      > > Germany getting more organizations to deploy DANE. So far:
      > >
      > > posteo.de (email provider)
      > > mailbox.org (email provider)
      > > bund.de (German Parliament)
      >
      > For the books: sys4 did not enable bund.de. But we helped to spread the news.
      > More German ISPs coming soon...

      Oh, and we didn't enable mailbox.org either. Heinlein did that. It's their
      product.

      p@rick

      --
      [*] sys4 AG

      https://sys4.de, +49 (89) 30 90 46 64
      Franziskanerstraße 15, 81669 München

      Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
      Vorstand: Patrick Ben Koetter, Marc Schiffbauer
      Aufsichtsratsvorsitzender: Florian Kirstein
    • Show all 8 messages in this topic