On 23/08/2022 20:12, Viktor Dukhovni via Exim-dev wrote:
Note that if this also potentially applies to TLSA lookups, then downgrading SRVFAIL (try again) to NXDOMAIN breaks the downgrade resistance of DANE.
Yup, it would be too easy to write a configuration that did that. I'll add code to ignore that option for TLSA lookups. -- Thanks, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
