From a2cfe555580c9b96f361f352e8ae37ed29821ee3 Mon Sep 17 00:00:00 2001 From: Anders Berggren Date: Tue, 30 Jul 2019 09:40:59 +0200 Subject: [PATCH] Poposal to mention DNSSEC in Executive Summary Regarding the paragraph > ...botched deployments not not only harm the domain in question, but also have a deterrent effect on adoption by others. in the first section, I just want to point of that based on my practical experience, most DANE breakage (which might hamper DANE validation adoption) stemmed from recipient domains with broken DNSSEC (not even running DANE), rather than broken DANE. That being said, I believe that the said paragraph is accurate, and will become increasingly important as DANE usage increases, and DNSSEC development become more mature. --- DANE-for-SMTP-how-to.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DANE-for-SMTP-how-to.md b/DANE-for-SMTP-how-to.md index 353a591..9ec77d9 100644 --- a/DANE-for-SMTP-how-to.md +++ b/DANE-for-SMTP-how-to.md @@ -46,7 +46,7 @@ - Automated monitoring of your own email servers and related DNS records is is a must. - Robust automation of coördinated DNS and email server certificate chain updates. - These topics will be covered in more detail below. -* Please deploy DANE for your email servers, but plan carefully, botched deployments not not only harm the domain in question, but also have a deterrent effect on adoption by others. +* Please deploy DNSSEC, and DANE for your email servers, but plan carefully. Botched deployments not not only harm the domain in question, but also have a deterrent effect on adoption by others. # Introduction This how-to is created by the Dutch Internet Standards Platform (the organization behind [internet.nl](https://internet.nl)) and is meant to provide practical information and guidance on implementing DANE for SMTP.