Postfix DANE support for Certificate Usage = 0/1?
michael at stroeder.com
Sun Mar 1 20:37:04 CET 2015
Viktor Dukhovni wrote:
> The two models coexist seamlessly, and many existing DANE SMTP
> sites use certificates from a public CA.
But you switch off X.509 validation if DANE is used.
I'd like to see DNSSEC/DANE/TLSA as an *additional* mechanism but still
requiring X.509 validation to be fully performed. With this multiple trust
anchors would be effective which is IMO the real solution.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4252 bytes
Desc: S/MIME Cryptographic Signature
More information about the dane-users