I´d say Viktor is biased towards 3 1 1. You may call me biased towards 2 1 1 because I dislike pinning a key that is supposed to rotate. In any case you need to automate updates or monitoring and I do, though the relevant "change" use case in 2 1 1 didn´t happen so far. Joachim
-----Ursprüngliche Nachricht----- Von: Byung-Hee HWANG via Postfix-users <postfix-users@postfix.org> Gesendet: Donnerstag, 14. Dezember 2023 10:39 An: postfix-users@postfix.org Betreff: [pfx] Re: TAKE NOTE 3: Upcoming new Let's Encrypt intemediate issuer CAs. raf via Postfix-users <postfix-users@postfix.org> writes: > On Fri, Dec 08, 2023 at 02:00:55PM -0500, Viktor Dukhovni via Postfix-users > <postfix-users@postfix.org> wrote: > >> So anyone relying on DANE-TA(2) (certificate usage 2) needs to >> closely watch for upcoming announcements from LE, and be prepared to >> add TLSA records for the new intemediates soon. Or stop playing >> their game, and switch to a robust "3 1 1" + "3 1 1" model with a >> stable by default key during certificate renewals. >> >> -- >> Viktor. > > You know it makes sense. > Hmm... I'm serious now. I plan to start all 311 work in January next year. If it weren't so hard. Thanks for news, raf and Viktor! Sincerely, Byung-Hee _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
