Let's Encrypt certificates for port 25 SMTP and DANE TLSA
Viktor Dukhovni
ietf-dane at dukhovni.org
Tue Dec 15 02:21:36 CET 2015
[ FYI, from postfix-users ]
> On Dec 14, 2015, at 2:57 PM, Jacob Hoffman-Andrews <jsha at eff.org> wrote:
>
> On 12/14/2015 11:23 AM, Viktor Dukhovni wrote:
>> May I ask for your help in providing configuration guidance to LE
>> users who also plan to publish DANE TLSA records.
>
> I'd be happy to help, but am a little constrained on time. If you've got
> time, would you mind posting a quick explanation at
> https://community.letsencrypt.org/c/server-config of why "3 0 1" records
> are risky with LE certificates, and the alternatives? I think the email
> below is a good start, and if you prefer not to create an account on our
> forums I could repost it with permission. I'll then pin the post for
> some time to make people see it.
Thanks.
https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022
--
Viktor.
More information about the dane-users
mailing list