Setting up Dane again from start
Viktor Dukhovni
ietf-dane at dukhovni.org
Wed Feb 11 18:25:32 CET 2015
On Wed, Feb 11, 2015 at 06:20:32PM +0100, Frank Fiene wrote:
> That DNS setup looks better, thx.
>
> > For a shared key for multiple services that use distinct protocols:
> >
> > _dane.mail.example.com. IN TLSA 3 1 1 <sha256 SPKI digest>
> > _25._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
> > _110._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
> > _143._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
> > _587._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
> > _993._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
Note, I am not aware of any IMAP, POP or SMTP submission client
software that uses DANE, so the records for ports other than 25
are largely pointless at present.
--
Viktor.
More information about the dane-users
mailing list