Postfix DANE support for Certificate Usage = 0/1?
Michael Ströder
michael at stroeder.com
Sun Mar 1 20:37:04 CET 2015
Viktor Dukhovni wrote:
> The two models coexist seamlessly, and many existing DANE SMTP
> sites use certificates from a public CA.
But you switch off X.509 validation if DANE is used.
I'd like to see DNSSEC/DANE/TLSA as an *additional* mechanism but still
requiring X.509 validation to be fully performed. With this multiple trust
anchors would be effective which is IMO the real solution.
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4252 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150301/10673adb/attachment.bin>
More information about the dane-users
mailing list