On 2012-04-16 at 21:51 +0100, Jeremy Harris wrote: > On 2012-04-16 07:52, Phil Pennock wrote: > > we'd better have DNSSEC > > support in Exim > > Also a good notion. Wishlist item, or should it be handled by some > other software component on the system (nscd, etc.)?
Should be able to set it as a resolver client option and check bits in the result, leaving it up to the administrator to install a verifying resolver. That way we avoid implementing a lot of logic which breaks with new algorithms, bug-fixes etc, and which is prone to security implications. We just delegate. The admin can install "unbound" or configure "bind" to verify, or whatever. > > I suspect that > > we'd be better off with DN parse routines exposed as expansion > > operators (or items), which would help with LDAP too. > > That would work. It's not something I know about; does anyone > else work in that area who's prepared to take it on? I didn't look but assumed that the actual parse logic was necessarily in the original patch, to be able to get CN out. > > TLS debugging: I'm all in favour of more detailed information in debug > > logs. > > The implication is that it got lost and ought to > be accepted, as opposed to wasn't found useful? I wasn't an Exim developer in 2002. I have no context, beyond what I saw in the thread, which suggests that things simply got lost. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
