TLSA Validation Failed
Bjørn Mork
bjorn at mork.no
Tue Jul 28 15:34:23 CEST 2015
Mark Elkins <mje at posix.co.za> writes:
> For email - you need a TLSA 311 Certificate.
Care to explain why? I am sure I'm missing something here, but this
isn't obvious to me.
And does "email" mean SMTP or POP/IMAP or all of them?
Until now I've just used the same private self-signed CA certificate for
all services, and just created aliases to a common TLSA 2 0 1 record.
This appeared to work fine, but then again: I don't know how I would
detect a failure... There aren't that many validating email clients out
there.
How do you test and validate TLSA records for SMTP, POP and IMAP?
Bjørn
More information about the dane-users
mailing list