On 08/26/2015 09:03 PM, Viktor Dukhovni wrote:
Postfix implements a PKIX-EE(1) to DANE-EE(3) mapping that is ad-hoc and not standardized by any IETF document. That mapping has been mostly harmless, but should perhaps be withdrawn in a future release. The mapping predates the finalization of the corresponding text in the MTA-to-MTA DANE draft. Given that dearth of domains publishing PKIX-EE(1) there's really little point in bending the rules to support a negligible fraction of outliers. Furthermore, support for 3->1 mappings might lead users to erroneously expect 0->2 mappings, but the latter are in fact problematic. So supporting neither of the potential mappings is simpler and cleaner.
Okay, thank you. so 1 [0|1] 1 hash is not incorrect, just useless for opportunistic. Is it safe to assume there are not any (current) downsides to using 1 [0|1] 1 hash w/ submission port 587?
