Validating an SMTP server
Benny Pedersen
me at junc.eu
Mon Sep 7 22:59:24 CEST 2015
Viktor Dukhovni skrev den 2015-09-07 22:46:
> All three are in fact fine. So the handling of TLSA CNAMEs seems
> to be broken.
+1
openssl.net and openssl.net is still same ssl/tls, skip restriction on
subdomains then ? (include cname mx check or not)
but if openssl.net and openssl.org make subdomain restriction ?
cname to another tls/ssl is worst, where i think cname to same tls/ssl
is still ok
no ?
i am just no expert yet
More information about the dane-users
mailing list