[dns-operations] Response to the USG proposal to use MTA-STS

Vittorio Bertola vittorio.bertola at open-xchange.com
Tue Sep 21 10:49:54 UTC 2021



> On 21/09/2021 00:38 Wes Hardaker <wjhns1 at hardakers.net> wrote:
> 
>  
> Viktor and I have written a response to discuss the USG's proposal [1-3]
> to use MTA-STS for securing E-mail (as opposed to DANE-SMTP).  You may
> review our response here:
> 
> https://www.isi.edu/~hardaker/news/2021-09-20-DANE-vs-STS.html
> 
> Others may wish to file their own opinions on the responses as well
> (very short timeline - zerotrust at omb.eop.gov due today-ish and
> tic at cisa.dhs.gov due Oct 1).

Thanks a lot for flagging this - I just wrote and submitted our comment along the same lines as yours (but not as technically detailed). For those looking for the details, the comment period ends today (Sep 21) and the consultation page is here:

https://zerotrust.cyber.gov/federal-zero-trust-strategy/

The document up for comment is #2 in Wes's refs:

> [2] https://zerotrust.cyber.gov/downloads/Office%20of%20Management%20and%20Budget%20-%20Federal%20Zero%20Trust%20Strategy%20-%20DRAFT%20For%20Public%20Comment%20-%202021-09-07.pdf

There is also a section on DNS encryption that others may want to comment on, though it does not recommend any specific protocol.

I could not readily find any direct DNS/MTA-STS references in the other documents in the package (the CISA ones), so I only commented on this one.

-- 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola at open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy


