On Thu, Jan 29, 2026 at 01:06:35PM -0500, pgnd via Postfix-users wrote:
> i _do_ use 3 1 1 here. certainly easier to manage.

If you're soliciting client "certificates" and any associated access
checks are (wisely) keyed by a digest of just the public key (rather
than the full certificate), consider also setting:

    smtpd_tls_enable_rpk = yes

Which would reduce bloat in the client-to-server direction for any
ML-DSA client public keys.

> > See above, with MTA-STS best to be careful, otherwise you should be
> > fine (provided DANE TLSA records are absent or also match any ML-DSA
> > cert).
>
> certainly further along than i'd understood.
> some actual try-it-and-see certainly sounds doable -- now.
> thanks for the comments.

You're welcome, good luck. With PQC, keep in mind that you're
volunteering to be a guinea pig for as yet unproven new technology. This
might be valuable experience to have under your belt, but isn't
especially beneficial at present. Time will tell.

--
Viktor. 🇺🇦 Слава Україні!
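
Added example (not part of the original message and not Postfix code): a Python sketch of why checks keyed by the public key digest, including "3 1 1" TLSA records, keep matching when the peer sends a raw public key instead of a full certificate, and how many bytes that saves. The certificate is a constructed skeleton with ML-DSA-65 sized filler (1952-byte key, 3309-byte signature, OID 2.16.840.1.101.3.4.3.18); all helper names are hypothetical.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:  # DER-encode one element
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read_tlv(buf: bytes, off: int):
    """Decode the DER header at off; return (tag, body_start, end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long form: next k bytes hold the length
        k = length & 0x7F
        if k == 0 or off + k > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[off:off + k], "big")
        off += k
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def spki_from_cert(cert: bytes) -> bytes:
    """Return the whole SubjectPublicKeyInfo element, which is what an RPK peer sends."""
    _, pos, _ = read_tlv(cert, 0)           # Certificate
    _, pos, tbs_end = read_tlv(cert, pos)   # tbsCertificate
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                         # optional [0] version
        pos = end
    for _ in range(5):                      # serial, sigalg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    tag, _, end = read_tlv(cert, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert[pos:end]

def key_digest(spki: bytes) -> str:
    """SHA-256 over the DER SPKI: the data in a "3 1 1" TLSA record."""
    return hashlib.sha256(spki).hexdigest()

# Constructed skeleton: filler bytes, not a real key, signature or valid certificate.
ALG = tlv(0x30, bytes.fromhex("0609608648016503040312"))   # id-ml-dsa-65 OID
SPKI = tlv(0x30, ALG + tlv(0x03, b"\x00" + bytes(1952)))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + ALG
          + tlv(0x30, b"") * 3 + SPKI)
CERT = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + bytes(3309)))
```

Comparing len(CERT) with len(SPKI) shows the saving: the raw public key form drops at least the 3309-byte signature while key_digest() returns the same value for both.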