On 02/28/2013 01:31 PM, Vernon Schryver wrote:
From: Tony Finch <d...@dotat.at>

Another reason not to use made-up domain names: CAs are going to stop
issuing X.509 certificates for them. (It baffles me why they ever did so.)
http://ssl.entrust.net/blog/?p=1831

That's another reason to publish your own DANE records including
TLSA and SMIMEA.

I have been on a thread over on the postfix list where DANE support and
such is being discussed. Will get there eventually.

Also consider this comment in that announcement:

    This issue is particularly a problem with Microsoft Exchange
    users where non-FQDN names are used frequently

I wish that would be enough to get Microsoft to teach Exchange to
use DANE.

Why am I not surprised to see that the "recommended solutions" of
https://www.cabforum.org/Guidance-Deprecated-Internal-Names.pdf linked
from that Entrust.net web page mentions DANE or DNSSEC not at all but
does include some less plausible "solutions"?