Re: SMTP+TLS to MXs, was Re: Comments on Draft IRTF ASRG DNSBL - 07
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SMTP+TLS to MXs, was Re: Comments on Draft IRTF ASRG DNSBL - 07
In message <alpine.LRH.2.00.0811140934240.9364 at netcore.fi>, Pekka Savola writes:
> On Fri, 14 Nov 2008, Mark Andrews wrote:
> >> How does an application do "accept if signed and validated by DNSSEC"?
> >
> > You validate the CERT RRset using the techniques in RFC
> > 4033, 4034 and 4035. If the answer is "secure" then it was
> > signed and validated. You the match offered cert to the CERT
> > RRs using the information from RFC 4398.
> >
> > Do you need more detail or is that enough guidance?
>
> I was interested in more detail, specifically, are there application
> interfaces an application could use, or every app need to implement
> validation using 4033-5 techniques (a lot of work, and most would
> probably do it wrong)?
There are a number of libraries available which can do
dnssec validation.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions
of the senders and do not imply endorsement by the IETF.
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
