…omains. Other related documents that build on [ RFC6698 ] are [ RFC7673 ] and [ RFC7672 ]. Section 12 summarizes the normative updates this document makes to [ RFC6698 ]. Dukhovni & Hardaker Standards Track [Page 3] RFC 7671 DANE Operations October 2015 1.1 . Terminology The key …
…hnologies The DNS-Based Authentication of a Named Entities (DANE) TLSA record [ RFC7672 ] is similar, in that DANE is also designed to upgrade unauthenticated encryption or plaintext transmission into authenticated, downgrade-resistant encrypted transmission. DANE requires DNSSEC…
…uires a different approach. One approach to address that topic is described in [RFC7672]; another is provided in [MTA-STS]. The recommendations in this memo do not replace the functionality of, and are not intended as a substitute for, end-to-end encryption of electronic mail. 1.…
…ires a different approach. One approach to address that topic is described in [ RFC7672 ]; another is provided in [ MTA-STS ]. The recommendations in this memo do not replace the functionality of, and are not intended as a substitute for, end-to-end encryption of electronic mail.…
…OI 10.17487/RFC7435, December 2014, <https://www.rfc-editor.org/info/rfc7435>. [RFC7672] Dukhovni, V. and W. Hardaker, "SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS)", RFC 7672, DOI 10.17487/RFC7672, October 2015,…
…henticate the server, and in that case the SNI name sent is the one required by RFC7672 and this parameter is ignored. Some SMTP servers use the received SNI name to select an appropriate certificate chain to present to the client. While this may improve interoperability with suc…
…henticate the server, and in that case the SNI name sent is the one required by RFC7672 and this parameter is ignored. Some SMTP servers use the received SNI name to select an appropriate certificate chain to present to the client. While this may improve interoperability with suc…
…henticate the server, and in that case the SNI name sent is the one required by RFC7672 and this parameter is ignored. Some SMTP servers use the received SNI name to select an appropriate certificate chain to present to the client. While this may improve interoperability with suc…
… server and authenticate the server's certificate as specified in [RFC6125] or [RFC7672], as applicable. The hostname from the MX record lookup (or the domain name in the absence of an MX record where an A record is used directly) MUST match the DNS-ID or CN- ID of the certificat…
… server and authenticate the server's certificate as specified in [RFC6125] or [RFC7672], as applicable. The hostname from the MX record lookup (or the domain name in the absence of an MX record where an A record is used directly) MUST match the DNS-ID or CN- ID of the certificat…