
22 May 2025, 12:16 a.m.
On 5/19/25 9:38 AM, John R. Levine via NANOG wrote:
> On Mon, 19 May 2025, Bjørn Mork wrote:
>> Why don't we just deprecate MTA-STS and make DANE mandatory, while it is still possible?
>
> It's an open secret that MTA-STS exists because one of the large mail providers doesn't want to use DNSSEC. The IETF is still not the Network Police so there's nothing we can do about it.

As it turns out DKIM's use of DNS to fetch public keys was a mistake, which IIM (the IM part of DKIM) got right, and would have made the underlying protocol more reusable for other applications. Water under the bridge, but if anybody is implementing this, it's just more proof that the complaints back then about performance aged like milk.

Mike