Wolfgang Breyha wbreyha at
Mon Jan 19 13:39:00 CET 2015

On 19/01/15 13:21, Felix Eckhofer wrote:
> Note that it says client treatment is undefined. It also says "should", not

And that makes which difference? ;-)

> However, I don't think the connection should fail one way or the other (the
> certificate appears to be signed by a proper CA even). See dane-smtp 2.2.

I think the TLSA RR should not (or SHOULD NOT?) be used for DANE, but on
the other hand the TLS connection should not fail since there is no
"usable" TLSA record at all in respect to DANE-SMTP. Right?

Greetings, Wolfgang
Wolfgang Breyha <wbreyha at> |
Vienna University Computer Center | Austria

More information about the dane-users mailing list