On Fri, Sep 06, 2013 at 05:39:19PM +0000, Viktor Dukhovni wrote:
> In the mean time Google can easily add client-side DANE TLSA support,
> this just requires a DNSSEC aware resolver.
Plus of course very carefully written DANE-aware peer-chain
verification code in the SMTP client. Some implementations
forget to properly check the validity of usage "2" chains
(that each element is unexpired, signed by its parent, ...).
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
