On Mon, Jun 17, 2019 at 05:33:16AM +0300, Lefteris Tsintjelis wrote:
> > The trust-anchor CA certificate MUST be included in your certificate
> > chain configuration for transmission to the SMTP client.
>
> Should all the chain certificates be included, CA root and CA
> intermediate for example,
On 14/6/2019 21:18, Viktor Dukhovni wrote:
>
> The use of private CAs with certificate usage DANE-TA(2) is specified
> for SMTP and supported in Postfix, Exim, ... See:
>
> https://tools.ietf.org/html/rfc7671#section-5.2
>
> The trust-anchor CA certificate MUST be included in your certifica
On 14/6/2019 22:34, Benny Pedersen wrote:
Lefteris Tsintjelis wrote on 2019-06-14 21:18:
On 14/6/2019 22:15, Benny Pedersen wrote:
Lefteris Tsintjelis wrote on 2019-06-14 20:54:
Is there a way to check from logs or headers if DANE was used
(un)successfully and possibly monitor the method as
On Fri, Jun 14, 2019 at 10:18:43PM +0300, Lefteris Tsintjelis wrote:
> >> Is there a way to check from logs or headers if DANE was used
> >> (un)successfully and possibly monitor the method as well?
> >
> > grep Verified in logs
>
> This could very well be from the "known" CAs
Actually, no. Yo
Lefteris Tsintjelis wrote on 2019-06-14 21:18:
On 14/6/2019 22:15, Benny Pedersen wrote:
Lefteris Tsintjelis wrote on 2019-06-14 20:54:
Is there a way to check from logs or headers if DANE was used
(un)successfully and possibly monitor the method as well?
grep Verified in logs
This could
On 14/6/2019 22:15, Benny Pedersen wrote:
Lefteris Tsintjelis wrote on 2019-06-14 20:54:
Is there a way to check from logs or headers if DANE was used
(un)successfully and possibly monitor the method as well?
grep Verified in logs
This could very well be from the "known" CAs
Lefteris Tsintjelis wrote on 2019-06-14 20:54:
Is there a way to check from logs or headers if DANE was used
(un)successfully and possibly monitor the method as well?
grep Verified in logs
On 14/6/2019 21:20, Viktor Dukhovni wrote:
On Fri, Jun 14, 2019 at 06:22:55PM +0300, Lefteris Tsintjelis wrote:
Best to create the DNS record from the public certificate.
No, actually, best to create from the public key.
https://github.com/danefail/list/issues/47#issuecomment-456623996
On Fri, Jun 14, 2019 at 06:22:55PM +0300, Lefteris Tsintjelis wrote:
> One note though, some sites claim the DNS record can be created from
> the private key
Make that the *public* key.
> or the public certificate but it does not appear to work the same.
The public key gets "3 1 1" (assuming SH
On Fri, Jun 14, 2019 at 04:05:27PM +0300, Lefteris Tsintjelis wrote:
> Is it certain that non "well known" CAs can be used? The above site does
> not validate correctly. It checks DNSSEC and TLSA correctly but comes
> with an SMTP error "self signed certificate in certificate chain"
The use of
On 14/6/2019 16:05, Lefteris Tsintjelis wrote:
On 14/6/2019 14:39, Ralph Seichter wrote:
* Lefteris Tsintjelis:
Can I use DANE with postfix or do I need a certificate from a known CA
in order to do that?
With DNSSEC in place, you can simply add the DNS records based on your
own CA's data. No
On 14/6/2019 14:39, Ralph Seichter wrote:
* Lefteris Tsintjelis:
Can I use DANE with postfix or do I need a certificate from a known CA
in order to do that?
With DNSSEC in place, you can simply add the DNS records based on your
own CA's data. No need for certificates from a "well known" CA.
* Lefteris Tsintjelis:
> Can I use DANE with postfix or do I need a certificate from a known CA
> in order to do that?
With DNSSEC in place, you can simply add the DNS records based on your
own CA's data. No need for certificates from a "well known" CA.
-Ralph
P.S.: I recommend https://dane.sys
Hi, I already have a working DNSSEC with my own CA. Can I use DANE with
postfix or do I need a certificate from a known CA in order to do that?