Can anyone follow up on this? In other words, are any of you using Let's Encrypt certificates with any of the TLSA options written about?
I'm considering moving to LE but would like some feedback (last post on this thread was four months ago so early adopters should have experienced a renewal by now).

On 14/12/2015 10:03 pm, Viktor Dukhovni wrote:
>> On Dec 14, 2015, at 2:57 PM, Jacob Hoffman-Andrews <j...@eff.org> wrote:
>>
>> On 12/14/2015 11:23 AM, Viktor Dukhovni wrote:
>>> May I ask for your help in providing configuration guidance to LE
>>> users who also plan to publish DANE TLSA records.
>> I'd be happy to help, but am a little constrained on time. If you've got
>> time, would you mind posting a quick explanation at
>> https://community.letsencrypt.org/c/server-config of why "3 0 1" records
>> are risky with LE certificates, and the alternatives? I think the email
>> below is a good start, and if you prefer not to create an account on our
>> forums I could repost it with permission. I'll then pin the post for
>> some time to make people see it.
> Thanks.
>
> https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022
>