[Cryptography] Interesting discussion of Web 3.0 ...
Viktor Dukhovni
cryptography at dukhovni.org
Fri Jan 21 09:59:55 EST 2022
> On 21 Jan 2022, at 9:43 am, Christian de Larrinaga <cdel at firsthand.net> wrote:
>
> Can I say thank you for being a postfix maintainer
You're welcome.
> But additional carbuncles like SPF, dkim,SPF, DANE, DNSSEC, I select with service stability and maintenance ease in mind.
>
> Which puts DNSSEC to pasture for now.
One of the nice features of <https://mailinabox.email> is that it is
also a DNS server for box.<your-domain.example>, and supports DNSSEC
(of course the containing domain also needs to be signed).
With BIND 9.16, recent versions of KnotDNS or PowerDNS, ... DNSSEC
administration is fully automated. You just choose a key management
policy and the rest (zone signing, ZSK rollovers, and even KSK rollovers
if the parent supports CDS/CDNSKEY) happens automatically.
You should consider DNSSEC at some point in the next year or two...
> Issues like domain and IP reputation don't favour newbies either. Strikes me that much of the barriers for self service result mail result from email thought police dominated by "the few" trying to deal with the problems of serving other people s email.
Indeed one of the effects of anti-spam measures at the large
providers is a more anti-competitive ecosystem in which smaller
administrative domains sometimes struggle with deliverability.
I haven't observed this with my own personal domain, but perhaps
I just don't send much non-list mail to Gmail/Outlook.com/... users.
--
Viktor.
More information about the cryptography
mailing list