On 05/08/2016 04:51, Viktor Dukhovni wrote:
> On Fri, Aug 05, 2016 at 04:33:25AM +0200, Jakob Bohm wrote:
> > I haven't read that proposal, but if the HTTPS server has to use the
> > same host name as the SMTPS server, then the SMTPS server could just
> > use the certificate directly.
> There is at best a ver
On Fri, Aug 05, 2016 at 04:33:25AM +0200, Jakob Bohm wrote:
> I haven't read that proposal, but if the HTTPS server has to use the
> same host name as the SMTPS server, then the SMTPS server could just
> use the certificate directly.
There is at best a very tenuous analogy between TLS for HTTP an
On 05/08/2016 01:48, Viktor Dukhovni wrote:
> On Thu, Aug 04, 2016 at 04:30:39PM -0700, Carl Byington wrote:
> > Have you seen the mta-sts proposal:
> Of course.
> > But mta-sts starts with an unauthenticated dns TXT record.
> Yes, this is but one of its compromises.
> > If that proposal is worth anything,
On Thu, Aug 04, 2016 at 04:30:39PM -0700, Carl Byington wrote:
> Have you seen the mta-sts proposal:
Of course.
> But mta-sts starts with an unauthenticated dns TXT record.
Yes, this is but one of its compromises.
> If that proposal is worth anything, it indicates there is some use for a
> mec
On Thu, 2016-08-04 at 22:33 +, Viktor Dukhovni wrote:
> Such configurations will be rather rare, and offer minimal incremental
> MITM protection. The code and documentation to support this use-case
> and explain it to users are not worth the tr
On Thu, Aug 04, 2016 at 03:05:00PM -0700, Carl Byington wrote:
> > OpenSSL version 1.1.0 pre release 6 (beta)
>
> Seems to work in my openssl/sendmail/dane test environment.
Thanks for the confirmation.
> http://www.five-ten-sg.com/mapper/blog/dane
Note, I still firmly hold that the "o DANE=
> OpenSSL version 1.1.0 pre release 6 (beta)
Seems to work in my openssl/sendmail/dane test environment.
http://www.five-ten-sg.com/mapper/blog/dane
OpenSSL version 1.1.0 pre release 6 (beta)
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
OpenSSL 1.1.0 is currently in beta. OpenSSL 1.1.0 pre release 6 has now
b