Bjørn Mork via NANOG <nanog@lists.nanog.org> writes:
John Levine via NANOG <nanog@lists.nanog.org> writes:
MTA-STS does the same thing more kludgily for people who don't like DNSSEC.
More kludgily and less secure. It even says so, right in the RFC.
AFAICS, we did not need MTA-STS. It is an attempt to solve the same problem DANE solved a long time ago, but adding several new problems:
Yup. It's Google and Microsoft creating a kludge to avoid DNSSEC -- and Microsoft has since given in, and implemented DANE and DNSSEC for their mail systems, so these days it's just a Google thing.
Why don't we just deprecate MTA-STS and make DANE mandatory, while it is still possible?
That would be nice. Also, I want a pony. :) -tih -- The creation of the state of Israel was a regrettable mistake. It is time to undo this mistake, and finally re-establish a free Palestine.