Update DANE-for-SMTP-how-to.md

Dennis Baaten 2019-08-28 08:48:54 +02:00 committed by GitHub
parent 14473e5b40
commit 17d2b78fb7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -82,6 +82,9 @@ The risks of SMTP with opportunistic TLS can be mitigated by using DANE:
In short: DANE allows sending mail servers to unconditionally require STARTTLS with a matching certificate chain. Otherwise, the sending mail server aborts the connection and tries another server or defers the message. Receiving servers with published TLSA records, are therefore no longer vulnerable to the afore mentioned man in the middle attacks. In short: DANE allows sending mail servers to unconditionally require STARTTLS with a matching certificate chain. Otherwise, the sending mail server aborts the connection and tries another server or defers the message. Receiving servers with published TLSA records, are therefore no longer vulnerable to the afore mentioned man in the middle attacks.
# DANE TLSA record example
![]()
# Advantages of DANE explained by illustrations # Advantages of DANE explained by illustrations
## Mail delivery: TLS without DANE ## Mail delivery: TLS without DANE
The illustration below shows two TLS capable mail servers without using DANE. This scenario exposes the mail transport to the risks described above. The illustration below shows two TLS capable mail servers without using DANE. This scenario exposes the mail transport to the risks described above.
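Review bot: the image reference `![]()` added under the new `# DANE TLSA record example` heading has neither an image path nor alt text, so the section renders as an empty placeholder and gives screen-reader users nothing at all; either commit the illustration and reference it with a descriptive alt text (something like `![Example TLSA record for a mail server](images/dane-tlsa-example.png)`, path chosen here only for illustration) or hold the heading back until the image exists. Since the heading promises a TLSA record example, consider also including the record as literal text next to the picture, so readers of the raw Markdown and anyone copying the example get the actual owner name and the usage/selector/matching-type fields rather than a screenshot.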