Validating an SMTP server
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Sep 7 23:06:47 CEST 2015
On Mon, Sep 07, 2015 at 10:59:24PM +0200, Benny Pedersen wrote:
> openssl.net and openssl.net is still same ssl/tls, skip restriction on
> subdomains then ? (include cname mx check or not)
>
> but if openssl.net and openssl.org make subdomain restriction ?
>
> cname to another tls/ssl is worst, where i think cname to same tls/ssl is
> still ok
Sorry, no idea what you're saying. Much too cryptic.
All I can say about openssl.net is that this domain is not DNSSEC
signed, so DANE is out of scope for openssl.net. In any case, it
has neither MX records, nor A or AAAA records, so it receives no
email.
--
Viktor.
More information about the dane-users
mailing list