Secure email transport (STARTTLS and DANE)
Why
- "Opportunistic Security: Some Protection Most of the Time" by V. Dukhovni
- "New e-mail security protocols mandatory within government" by Marco Davids (SIDN)
- "The sad state of SMTP encryption" by Filippo Valsorda
Usage statistics
- DANE trend graphs
- DANE statistics
- .nl statistics on DANE by SIDN Labs
- Google's statistics on STARTTLS
Background information
- How-to on 'DANE for SMTP' by Dutch Internet Standards Platform
- Wiki on 'DANE for SMTP'
- FAQ on e-mail security standards by SIDN
- Factsheet "Secure the connections of mail servers" by NCSC-NL
- "IT Security Guidelines for Transport Layer Security (TLS), v2.1" by NCSC-NL
Specifications
- RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
- RFC 7672: SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS)
- RFC 7671: The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance