Postfix recent adoption of new technologies

This year's Postfix release introduces support for a new protocol "DANE" that uses secure DNS to authenticate a mail server's TLS server certificate. This avoids a major weakness in the traditional PKI (public-key infrastructure) where literally hundreds of certificate authorities (CAs) and registratoin authrities (RAs) world-wide can create a certificate in anyone's name. Some of these make mistakes or get hacked. Some are owned by their government, or have strong relations with their government. With secure DNS you only have to trust the people who control the email receiver's Internet domain and those who control its parent domains. You don't have to trust hundreds of CAs and RAs world-wide. There is also new support for a database called LMDB that aims to give better performance and reliability, and that comes with a less restrictive license than the latest versions of Berkeley DB. This development required a lot of persistence, taking five iterations. I think that the result is worth the effort. Finally, the new release continues to make Postfix configurations easier to manage with other programs. A Postfix system does not live in a universe by itself: it needs to work as a building block in a larger system.

Referent:

Wietse Venema is known for his software such as the TCP Wrapper and the POSTFIX mail system. He co-authored the SATAN network scanner and the Coroner's Toolkit (TCT) for forensic analysis, as well as a book on Forensic Discovery. Wietse also presents the occasional academic paper at security conferences. Wietse received awards from the ISSA, the Free Software Foundation, the System Administrator's Guild (SAGE), the Netherlands UNIX User Group (NLUUG), as well as a Sendmail innovation award. He served a two-year term as chair of the international Forum of Incident Response and Security Teams (FIRST). Wietse currently is a research staff member at the IBM T. J. Watson research center. After completing his Ph.D. in physics he changed career to computer science and never looked back.

Externes Video