On Wed, 22 May 2013, Viktor Dukhovni wrote:
So this is a good time to deploy server TLSA records:
; SHA256 digest of public key or full certificate.
mail.example.com. IN TLSA 3 1 1 ...
mail.example.com. IN TLSA 3 0 1 ...
; Or SHA256 of issuing trust-anchor CA public key. With the trust-anchor
; issuer certificate included in the server chain file!
;
mail.example.com. IN TLSA 2 1 1 ...
mail.example.com. IN TLSA 2 0 1 ...
Would these be better located at _25._tcp.mail.example.com ? :)
Paul
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
