SMTP security via opportunistic DANE TLS

Document Type Expired Internet-Draft (individual)
Authors Viktor Dukhovni  , Wes Hardaker 
Last updated 2014-01-16 (latest revision 2013-07-15)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo describes a protocol for opportunistic TLS security based on the DANE TLSA DNS record. The design goal is an incremental transition of the Internet email backbone (MTA to MTA SMTP traffic) from today's unauthenticated and unencrypted connections to TLS encrypted and authenticated delivery when the client is DANE TLSA aware and the server domain publishes DANE TLSA records for its MX hosts.


Viktor Dukhovni (
Wes Hardaker (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)