Re: BIND 9.18.6 disables RSASHA1 at runtime?

2022-09-05 Thread Ondřej Surý
Petr, care to prepare a MR for this? After all, it's Red Hat who is making us all go through this mess. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 5.

Re: BIND 9.18.6 disables RSASHA1 at runtime?

2022-09-05 Thread Mark Andrews
> On 5 Sep 2022, at 18:41, Bjørn Mork wrote: > > Petr Menšík writes: > >> It is suitable for all other algorithms so I disagree that >> without algorithms 5 and 7 it is not usable at all. Majority of >> secured domains use stronger algorithms already. > > Would it be the same if it worked

Re: BIND 9.18.6 disables RSASHA1 at runtime?

2022-09-05 Thread Bjørn Mork
Mark Andrews writes: > What records in paypal.com do you or your customers actually depend upon > being signed? Paypal’s web servers depend on CAs not the DNS to provide > trust anchors. It's not their SMTP servers as paypalcorp.com is not signed. OK, let's just hope no CA runs Red Hat then.

Re: BIND 9.18.6 disables RSASHA1 at runtime?

2022-09-05 Thread Petr Menšík
On 9/2/22 14:23, Bjørn Mork wrote: Mark Andrews writes: We don’t log rsamd5 is disabled now ec or ed curves when they are not supported by the crypto provider. Why should rsasha1 based algs be special? Because RSASHA1 validation still is a MUST in RFC8624? MD5 is and ED is not. I don't know

Re: BIND 9.18.6 disables RSASHA1 at runtime?

2022-09-05 Thread Bjørn Mork
Petr Menšík writes: > It is suitable for all other algorithms so I disagree that > without algorithms 5 and 7 it is not usable at all. Majority of > secured domains use stronger algorithms already. Would it be the same if it worked for a majority of TLDs? Say "nz" as an arbitrary example.

Re: Mailing list questions (DMARC, ARC, more?)

2022-09-05 Thread Alessandro Vesely
On Sun 04/Sep/2022 14:17:25 +0200 Benny Pedersen wrote: ARC-Authentication-Results: i=1; mx.pao1.isc.org;  dmarc=pass (p=none dis=none) header.from=tana.it;  spf=pass smtp.mailfrom=tana.it;  dkim=permerror (0-bit key) header.d=tana.it header.i=@tana.it That stanza is faulty. The key at