Re: smtp_tls_security_level = dane but have encrypt as fallback

2019-02-17 Thread Andrey Repin
Greetings, Viktor Dukhovni!

>> But in cases where remote sites do not have published key material, the
>> fallback is may with dane, which is a step back in terms of security and
>> not wanted.
>>
>> How can we specify:
>>
>> 1, Always use at least encrypt
>> 2, When TLSA-records are found

Re: smtp_tls_security_level = dane but have encrypt as fallback

2019-01-28 Thread Wietse Venema
Wietse Venema:
> Viktor Dukhovni:
> > > On Jan 28, 2019, at 7:59 AM, Stefan Bauer wrote:
> > >
> > > But in cases where remote sites do not have published key material, the
> > > fallback is may with dane, which is a step back in terms of security and
> > > not wanted.
> > >
> > > How can we

Re: smtp_tls_security_level = dane but have encrypt as fallback

2019-01-28 Thread Wietse Venema
Viktor Dukhovni:
> > On Jan 28, 2019, at 7:59 AM, Stefan Bauer wrote:
> >
> > But in cases where remote sites do not have published key material, the
> > fallback is may with dane, which is a step back in terms of security and
> > not wanted.
> >
> > How can we specify:
> >
> > 1, Always use

Re: smtp_tls_security_level = dane but have encrypt as fallback

2019-01-28 Thread Viktor Dukhovni
> On Jan 28, 2019, at 7:59 AM, Stefan Bauer wrote:
>
> But in cases where remote sites do not have published key material, the
> fallback is may with dane, which is a step back in terms of security and not
> wanted.
>
> How can we specify:
>
> 1, Always use at least encrypt
> 2, When

smtp_tls_security_level = dane but have encrypt as fallback

2019-01-28 Thread Stefan Bauer
Hi, we would like to go the next step, enable smtp_tls_security_level = dane. Currently we have encrypt site-wide.

But in cases where remote sites do not have published key material, the fallback is may with dane, which is a step back in terms of security and not wanted.

How can we specify:

1,