> On Dec 14, 2015, at 2:57 PM, Jacob Hoffman-Andrews <j...@eff.org> wrote:
>
> On 12/14/2015 11:23 AM, Viktor Dukhovni wrote:
>> May I ask for your help in providing configuration guidance to LE
>> users who also plan to publish DANE TLSA records.
>
> I'd be happy to help, but am a little constrained on time. If you've got
> time, would you mind posting a quick explanation at
> https://community.letsencrypt.org/c/server-config of why "3 0 1" records
> are risky with LE certificates, and the alternatives? I think the email
> below is a good start, and if you prefer not to create an account on our
> forums I could repost it with permission. I'll then pin the post for
> some time to make people see it.

Thanks.

https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022

--
Viktor.