On Sat, Jun 14, 2014 at 10:23:22AM -0400, Warren Kumari wrote:
> > Jun 11 05:31:52 ore postfix/smtp: Verified TLS connection established to mail.ietf.org
> > Jun 11 23:35:01 ore postfix/smtp: Untrusted TLS connection established to mail.ietf.org
> >
> > Does anyone know why the tlsa was removed?
>
> Nope.
> At first I assumed that they had failed over to the "backup" server
> (there is only one MX record), and had removed the TLSA because the
> backup didn't do STARTTLS -- but that doesn't seem to be it...
>
> So, I've sent the relevant folk mail and will let y'all know when I hear back.

I just tried it, and it is back:

$ dig +noall +comment +ans +ad -t tlsa _25._tcp.mail.ietf.org.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25795
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 0
;; ANSWER SECTION:
_25._tcp.mail.ietf.org. 1758 IN TLSA 3 1 1 0C72AC70B745AC19998811B131D662C9AC69DBDBE7CB23E5B514B566 64C5D3D6

$ posttls-finger -c -Lsummary ietf.org
posttls-finger: Verified TLS connection established to mail.ietf.org[4.31.198.44]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
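
Added example, not part of the original message and not Postfix code: a Python check over the dig output shown above that requires the AD flag and a well-formed TLSA record before the record is compared with a server's certificate or public key. The function names are chosen for this illustration, and the certificate and SPKI bytes passed to `matches` are whatever DER data the caller has obtained.

```python
import hashlib
import hmac
import re

# dig output from the message above (TLSA record rejoined onto one line).
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25795
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 0
;; ANSWER SECTION:
_25._tcp.mail.ietf.org. 1758 IN TLSA 3 1 1 0C72AC70B745AC19998811B131D662C9AC69DBDBE7CB23E5B514B566 64C5D3D6
"""
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # RFC 6698 matching types


def parse_dig_tlsa(text):
    """Return (ad_flag, [(usage, selector, mtype, data), ...]) from dig text."""
    ad, records = False, []
    for line in text.splitlines():
        flags = re.match(r";; flags:([^;]*);", line)
        if flags:
            ad = "ad" in flags.group(1).split()
        fields = line.split()
        if len(fields) >= 8 and fields[2:4] == ["IN", "TLSA"]:
            usage, selector, mtype = (int(f) for f in fields[4:7])
            # dig splits long hex into space-separated chunks; rejoin them.
            records.append((usage, selector, mtype, bytes.fromhex("".join(fields[7:]))))
    return ad, records


def problems(ad, record):
    """List reasons this record must not be relied on for DANE."""
    usage, selector, mtype, data = record
    found = []
    if not ad:  # AD is only meaningful from a validating resolver you trust
        found.append("answer not DNSSEC-validated")
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
        found.append("unknown usage/selector/matching type")
    elif mtype in DIGESTS and len(data) != DIGESTS[mtype]().digest_size:
        found.append("digest length does not fit matching type")
    return found


def matches(record, cert_der, spki_der):
    """Compare the record against the server's DER certificate / SPKI."""
    _, selector, mtype, data = record
    selected = spki_der if selector == 1 else cert_der
    if mtype in DIGESTS:
        selected = DIGESTS[mtype](selected).digest()
    return hmac.compare_digest(selected, data)
```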