Mark Elkins <[email protected]> writes:

> For email - you need a TLSA 311 Certificate.

Care to explain why? I am sure I'm missing something here, but this isn't obvious to me. And does "email" mean SMTP or POP/IMAP or all of them?

Until now I've just used the same private self-signed CA certificate for all services, and just created aliases to a common TLSA 2 0 1 record. This appeared to work fine, but then again: I don't know how I would detect a failure... There aren't that many validating email clients out there.

How do you test and validate TLSA records for SMTP, POP and IMAP?

Bjørn
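
As an added example (not part of the original message, and not code from any mail server or DNS tool), the sketch below shows the byte-matching step a DANE validator performs for the two record types named in this thread, TLSA 2 0 1 and TLSA 3 1 1. The certificates are constructed, certificate-shaped DER stand-ins built by the hypothetical helper `make_sample_cert`; signature, chain and DNSSEC validation are assumed to happen elsewhere.

```python
import hashlib

def der_tlv(data, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_of(cert_der):
    """Selector 1: the DER SubjectPublicKeyInfo inside an X.509 certificate."""
    _, pos, _ = der_tlv(cert_der, 0)        # Certificate SEQUENCE
    _, pos, _ = der_tlv(cert_der, pos)      # tbsCertificate SEQUENCE
    tag, _, after = der_tlv(cert_der, pos)
    if tag == 0xA0:                         # optional [0] version
        pos = after
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        _, _, pos = der_tlv(cert_der, pos)
    return cert_der[pos:der_tlv(cert_der, pos)[2]]

def association(cert_der, selector, mtype):
    """Hex certificate association data for a selector / matching type pair."""
    blob = cert_der if selector == 0 else spki_of(cert_der)
    if mtype == 0:
        return blob.hex()
    return hashlib.new({1: "sha256", 2: "sha512"}[mtype], blob).hexdigest()

def tlsa_matches(chain, usage, selector, mtype, data_hex):
    """chain is DER certs, leaf first. Usage 3 (DANE-EE) pins the leaf only;
    usage 2 (DANE-TA) can only match a certificate the server actually sent."""
    if usage not in (2, 3):
        raise ValueError("only DANE-TA(2) and DANE-EE(3) are handled here")
    candidates = chain[:1] if usage == 3 else chain
    return any(association(c, selector, mtype) == data_hex.lower() for c in candidates)

def der_enc(tag, body):                     # short-form DER TLV, body < 128 bytes
    return bytes([tag, len(body)]) + body

def make_sample_cert(key, serial):
    """Hypothetical helper: constructed sample data, not a real signed certificate."""
    empty = der_enc(0x30, b"")
    tbs = der_enc(0x30, der_enc(0xA0, der_enc(0x02, b"\x02")) + der_enc(0x02, bytes([serial]))
                  + empty * 4 + der_enc(0x30, key))
    return der_enc(0x30, tbs + empty + der_enc(0x03, b"\x00"))
```

With these inputs, a 3 1 1 record keeps matching a reissued leaf that reuses its key, while a 2 0 1 record stops matching when the CA certificate is absent from the chain the server presents.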
