wbreyha at gmx.net
Mon Jan 19 13:39:00 CET 2015
On 19/01/15 13:21, Felix Eckhofer wrote:
> Note that it says client treatment is undefined. It also says "should", not
And that makes which difference? ;-)
> However, I don't think the connection should fail one way or the other (the
> certificate appears to be signed by a proper CA even). See dane-smtp 2.2.
I think the TLSA RR should not (or SHOULD NOT?) be used for DANE, but on
the other hand the TLS connection should not fail since there is no
"usable" TLSA record at all in respect to DANE-SMTP. Right?
Wolfgang Breyha <wbreyha at gmx.net> | http://www.blafasel.at/
Vienna University Computer Center | Austria
More information about the dane-users