Re: Configuring DANE TLSA - "wizard"

Tue, 02 Jun 2015 07:44:19 -0700 

> It turns downgrade attacks into denial of service.  DANE-enabled
> clients do not deliver mail in cleartext to servers with published
> TLSA RRs.

Thanks, Victor.  Should have re-read TLS_README before asking.

> DO NOT publish stale TLSA records!!!

Errm?  No I didn't.

Reply via email to