On Thu, Dec 14, 2023 at 11:04:32AM +0100, Joachim Lindenberg via Postfix-users
wrote:
> I´d say Viktor is biased towards 3 1 1.
It isn't a bias, it is a rational recommendation. There are multiple
issues with "2 1 1":
- With a public issuer CA, you're adding a redundant trusted party,
r.
Joachim
-Ursprüngliche Nachricht-
Von: Byung-Hee HWANG via Postfix-users
Gesendet: Donnerstag, 14. Dezember 2023 10:39
An: postfix-users@postfix.org
Betreff: [pfx] Re: TAKE NOTE 3: Upcoming new Let's Encrypt intemediate issuer
CAs.
raf via Postfix-users writes:
> On Fri, Dec 08, 2023 a
raf via Postfix-users writes:
> On Fri, Dec 08, 2023 at 02:00:55PM -0500, Viktor Dukhovni via Postfix-users
> wrote:
>
>> So anyone relying on DANE-TA(2) (certificate usage 2) needs to closely
>> watch for upcoming announcements from LE, and be prepared to add TLSA
>> records for the new inteme
On Fri, Dec 08, 2023 at 02:00:55PM -0500, Viktor Dukhovni via Postfix-users
wrote:
> My previous post on this topic noted that covered Let's Encrypt are
> planning to *randomise* the choice of intermediate issuer CA used with
> each renewal.
>
> It now turns out that they will also be switchin
