Poposal to mention DNSSEC in Executive Summary

Regarding the paragraph

> ...botched deployments not not only harm the domain in question, but also have a deterrent effect on adoption by others.

in the first section, I just want to point of that based on my practical experience, most DANE breakage (which might hamper DANE validation adoption) stemmed from recipient domains with broken DNSSEC (not even running DANE), rather than broken DANE. That being said, I believe that the said paragraph is accurate, and will become increasingly important as DANE usage increases, and DNSSEC development become more mature.
This commit is contained in:
Anders Berggren 2019-07-30 09:40:59 +02:00 committed by GitHub
parent 79bc97eec3
commit a2cfe55558
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -46,7 +46,7 @@
- Automated monitoring of your own email servers and related DNS records is is a must.
- Robust automation of coördinated DNS and email server certificate chain updates.
- These topics will be covered in more detail below.
* Please deploy DANE for your email servers, but plan carefully, botched deployments not not only harm the domain in question, but also have a deterrent effect on adoption by others.
* Please deploy DNSSEC, and DANE for your email servers, but plan carefully. Botched deployments not not only harm the domain in question, but also have a deterrent effect on adoption by others.
# Introduction
This how-to is created by the Dutch Internet Standards Platform (the organization behind [internet.nl](https://internet.nl)) and is meant to provide practical information and guidance on implementing DANE for SMTP.