Joachim Lindenberg via Postfix-users:
> Wietse wrote:
> > When an SRV response for "_smtps._tcp.example.com" names the standard SMTP
> > port, the feature overrides a default TLS security level "may" with
> > "encrypt". This is on/off configurable and needs a few lines of code in the
> > SMTP client's MX host iterator to upgrade a default TLS security level from
> > "may" to "encrypt.
>
> Given the fact that "encrypt" implies no "dane" this sounds like
> a bad idea for interoperability with dane sites.
No problem. Postfix currently does not try DANE (or STS) with the
default TLS security level "may".
> All in all, imho interoperability with RFC 7672 and RFC 8461 are
> not addressed sufficiently yet.
Can you be more specific? I think it does not interfere with either
DANE or STS.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
