Setting up Dane again from start
John
john at klam.ca
Thu Feb 12 00:19:16 CET 2015
On 2/11/2015 12:25 PM, Viktor Dukhovni wrote:
> On Wed, Feb 11, 2015 at 06:20:32PM +0100, Frank Fiene wrote:
>
>> That DNS setup looks better, thx.
>>
>>> For a shared key for multiple services that use distinct protocols:
>>>
>>> _dane.mail.example.com. IN TLSA 3 1 1 <sha256 SPKI digest>
>>> _25._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
>>> _110._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
>>> _143._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
>>> _587._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
>>> _993._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
> Note, I am not aware of any IMAP, POP or SMTP submission client
> software that uses DANE, so the records for ports other than 25
> are largely pointless at present.
>
Just curious, you put the actual TLSA record first and then the CNAMEs. Any particular reason for the order?
--
John Allen
KLaM
------------------------------------------
OK, so what is the speed of dark?
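
Added example, not part of the original message or from anyone on the list: a small Python check that the shared-TLSA layout quoted above is internally consistent, meaning every `_port._tcp` name reaches one well-formed `3 1 1` record through its CNAME. The digest is computed from constructed placeholder bytes, and the function names are this example's own.

```python
import hashlib

# Constructed stand-in for the SHA-256 of a DER SubjectPublicKeyInfo (not a real key).
DIGEST = hashlib.sha256(b"constructed SPKI bytes, not a real key").hexdigest()
# The zone layout from the quoted message, with the constructed digest filled in.
ZONE = f"""
_dane.mail.example.com. IN TLSA 3 1 1 {DIGEST}
_25._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
_110._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
_143._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
_587._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
_993._tcp.mail.example.com. IN CNAME _dane.mail.example.com.
"""
HEX_LEN = {1: 64, 2: 128}  # hex digits per TLSA matching type: SHA-256, SHA-512

def parse_zone(text):
    """Return {owner: (rtype, rdata_fields)} for simple 'owner IN TYPE rdata' lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "IN":
            records[fields[0].lower()] = (fields[2].upper(), fields[3:])
    return records

def resolve_tlsa(records, owner, max_hops=8):
    """Follow CNAMEs from owner; return the validated (usage, selector, mtype, digest)."""
    name = owner.lower()
    for _ in range(max_hops):
        if name not in records:
            raise ValueError(f"{owner}: dangling reference to {name}")
        rtype, rdata = records[name]
        if rtype == "CNAME":
            name = rdata[0].lower()
            continue
        if rtype != "TLSA" or len(rdata) != 4:
            raise ValueError(f"{owner}: {name} is not a well-formed TLSA record")
        usage, selector, mtype = (int(x) for x in rdata[:3])
        digest = rdata[3].lower()
        if usage not in range(4) or selector not in (0, 1) or mtype not in HEX_LEN:
            raise ValueError(f"{owner}: unsupported TLSA parameters {rdata[:3]}")
        if len(digest) != HEX_LEN[mtype] or not set(digest) <= set("0123456789abcdef"):
            raise ValueError(f"{owner}: digest does not match type {mtype}")
        return usage, selector, mtype, digest
    raise ValueError(f"{owner}: CNAME chain too long")

def check_ports(records, host, ports):
    """Resolve the TLSA record for each _port._tcp.host name."""
    return {p: resolve_tlsa(records, f"_{p}._tcp.{host}") for p in ports}
```

This checker only handles digest matching types (1 and 2); a full-data record (matching type 0) is reported as unsupported.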