diff --git a/DANE-for-SMTP-how-to.md b/DANE-for-SMTP-how-to.md index 8d8796b..5f662d7 100644 --- a/DANE-for-SMTP-how-to.md +++ b/DANE-for-SMTP-how-to.md @@ -2,11 +2,14 @@ - [Introduction](#introduction) - [What is DANE?](#what-is-dane-) - [Why use DANE for SMTP?](#why-use-dane-for-smtp-) - * [Advantages of DANE explained by illustrations](#advantages-of-dane-explained-by-illustrations) - + [Mail delivery: TLS without DANE](#mail-delivery--tls-without-dane) - + [Mail delivery: TLS with MITM using evil certificate](#mail-delivery--tls-with-mitm-using-evil-certificate) - + [Mail delivery: TLS with MITM stripping TLS](#mail-delivery--tls-with-mitm-stripping-tls) - + [Mail delivery: TLS with DANE](#mail-delivery--tls-with-dane) + * [Risks of SMTP with opportunistic TLS](#risks-of-smtp-with-opportunistic-tls) + * [DANE addresses these risks](#dane-addresses-these-risks) +- [Advantages of DANE explained by illustrations](#advantages-of-dane-explained-by-illustrations) + * [Mail delivery: TLS without DANE](#mail-delivery--tls-without-dane) + * [Mail delivery: TLS with MITM stripping TLS](#mail-delivery--tls-with-mitm-stripping-tls) + * [Mail delivery: TLS with MITM using evil certificate](#mail-delivery--tls-with-mitm-using-evil-certificate) + * [Mail delivery: TLS with DANE](#mail-delivery--tls-with-dane) + * [Mail delivery: TLS with DANE without DNSSEC](#mail-delivery--tls-with-dane-without-dnssec) - [Reliable certificate rollover](#reliable-certificate-rollover) * [Current + next details](#current---next-details) - [Tips, tricks and notices for implementation](#tips--tricks-and-notices-for-implementation) @@ -38,6 +41,7 @@ Table of contents generated with markdown-toc + # Executive Summary * DANE is a best-practice technology for securing the transfer of email (SMTP) between organizations across the public Internet. * Successful DANE deployments require additional operational discipline.