Hi all,
I propose to increase the character limit for SMIMEA DNS records to accommodate full certificates.
For SMIMEA it is not sufficient to just publish the certificate hash (like TLSA) but the full certificate is necessary, as with SMIMEA you also have a discoverability problem when writing an encrypted email to someone. Then your email client needs to discover the certificate of the recipient, thus the full certificate is usually necessary in DNS.
For example records see eg. Why Great DANE doesn't require DNSSEC validation by default | Great DANE
Kind regards,
Christoph
Its been more then 5 years and the issue with SMIMEA Records still persist.
Adding the full certificate via SMIMEA Record gives error The content length is too large. (Code: 81041)
SMIMEA 25f1cec5639646cc34a1a6d0f6a163f833a3303e09bba036b2c9e84f._smimecert 3 0 0 308206263082050ea003020102021100b84dc60df6bd50a6aac4d723e3d497ee300d06092a864886f70d01010b0500308196310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f726431183016060355040a130f5365637469676f204c696d69746564313e303c060355040313355365637469676f2052534120436c69656e742041757468656e7469636174696f6e20616e642053656375726520456d61696c204341301e170d3234303831363030303030305a170d3235303831363233353935395a30253123302106092a864886f70d01090116146e696b6c617340626974636972637569742e657530820222300d06092a864886f70d01010105000382020f003082020a02820201009630a3526a477bbbbf9274d3dee014c81bea0ceae708fc9d65e856fdfa756cfd4c6fbc3ff1eb89eee057052a8b40e958da99fdc558f67e751e6bf883a08206650f45c5e726c40ae8f068748706a8a3bf716598b590664625c797d96bcd9fbc38791cbe1c8165d4750a345f8b29cabde2f8dd71fcc827fbbe1a8ae90987e718923d15522b6cf4b15c303ee6fe372b96ec6ea085242105a0d538b612e951334918524371af569694321056eb13598b2b6812c9687e9137658d9f941643d374332b104519b77c8f0a1eb6e52a72bb7e37cf9184cc9534923681b47a98d51d0d8d44d80cf4f756f78bf5bfeb7793436c4ffedd4f710055253ae5fc202221cc2fcda300aed0e0dc7e2eafb011f343301d8ddb888e1cd3713c04beb179ab0c62f32a619feb863a03e2ee49bcc7e47d755bcfb55c752c66f9135c4d8294757462ee6e8f5a73442c603a754e9f48aad7916910c608939d03ce04163e52e42232695e63e917485a2ab9720b87291036df331e66ae4d99bccce0089457fa24b5749b3fc6dc54df8ffb253919f6a15697ac367dc1d2e6a151c2320715881a1f05936d08b65b289933d3f0daced3a02533d56bcc057afb13a5189de69dfdeffac7d60f342b75db71aa9e43391f478a4b59655cd3843b893749d37dca6ca2b436b5156a6c431b00c42474729c7bc79ad12eb22e7c13e5a0ab6ef74f0b72b3deb71050cb24e2bd0203010001a38201dd308201d9301f0603551d2304183016801409c0f2fc0bda94db5ffe2bdfa89942cfc9e0ad00301d0603551d0e041604143f399b8c9ec43c192db5d4ba1d269540f420232c300e0603551d0f0101ff0404030205a0300c0603551d130101ff04023000301d0603551d250416301406082b0601050507030406082b0601050507030230500603551d2004493047303a060c2b06010401b2310102010a01302a302806082b06010505070201161c68747470733a2f2f7365637469676f2e636f6d2f534d494d454350533009060767810c01050102305a0603551d1f04533051304fa04da04b8649687474703a2f2f63726c2e7365637469676f2e636f6d2f5365637469676f525341436c69656e7441757468656e7469636174696f6e616e64536563757265456d61696c43412e63726c30818a06082b06010505070101047e307c305506082b060105050730028649687474703a2f2f6372742e7365637469676f2e636f6d2f5365637469676f525341436c69656e7441757468656e7469636174696f6e616e64536563757265456d61696c43412e637274302306082b060105050730018617687474703a2f2f6f6373702e7365637469676f2e636f6d301f0603551d110418301681146e696b6c617340626974636972637569742e6575300d06092a864886f70d01010b05000382010100a2fe680bdb9206b1059b7f56a192a4f2b4ea280571466bab041a6d0a95e0fc0e7159de3348f650aa1314f51d1cea9fcaf56029491f128e9c5e27756650644a8317183fb62f967ddfaed235eda6b59a2f0c378c99ac56807cdba79c18e3b4907e10ead956432ee2619ba67559230ac4ff081c57668d171af836b8e1a8b5868a5065c515ac0b3bfc3f3ded5c9408984afcff0ef17c915b1208417e9802144de36019657331874f59958d7dac2a1a53eb8c1c9b3a0ec0239394fdf26fbe58226e661162ad29b14a8be030351d1e7a419c3b29dbac87387c5ddab43e5f1a9f3474f96b84855cfc04dc439f51ccb477b8dd264bf6e31ca48b705d468c325a468b62eb
1 Like