Re: Verification of DANE TLSA MX equivalent RRs

2013-09-20 Thread Viktor Dukhovni
On Fri, Sep 20, 2013 at 04:39:42PM +0200, Stefan Foerster wrote:
> > There is no such need, the draft RFC allows server operators to use
> > *either* name (whichever they prefer), and requires clients to support
> > both. There is NO requirement for server operators to publish both.
>
> To be ho

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-20 Thread Stefan Foerster
* Viktor Dukhovni :
> On Fri, Sep 20, 2013 at 11:47:35AM +0200, Stefan Foerster wrote:
> > - make sure the submission server at mail.example.com has certificates
> > for mail.example.com as well as example.com, with example.com being
> > the certificate that's displayed when the client doesn't s

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-20 Thread Viktor Dukhovni
On Fri, Sep 20, 2013 at 11:47:35AM +0200, Stefan Foerster wrote:
> I see. So, for joe.u...@example.com the whole setup would probably be
> something along:
>
> - publish SRV record for _submission._tcp SRV 0 1 587 mail.example.com

Yes. Though it will be some time before most MUAs are zeroconf i

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-20 Thread Stefan Foerster
* Viktor Dukhovni :
> On Thu, Sep 19, 2013 at 10:44:27AM +0200, Stefan Foerster wrote:
> > * Viktor Dukhovni :
> > > You should be looking at the SMTP draft, not the OPS draft. [...]
> > Would that be draft-ietf-dane-smtp-01? Because this one, too,
> > explicitly doesn't cover mail submission.
> N

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-19 Thread Viktor Dukhovni
On Thu, Sep 19, 2013 at 10:44:27AM +0200, Stefan Foerster wrote:
> * Viktor Dukhovni :
> > On Wed, Sep 18, 2013 at 03:27:14PM +0200, Stefan Foerster wrote:
> > > And while we are at it, one more question, slightly unrelated:
> > > draft-dukhovni-dane-ops-01 does not mention MSAs. Is it commonly
>

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-19 Thread Stefan Foerster
* Viktor Dukhovni :
> On Wed, Sep 18, 2013 at 03:27:14PM +0200, Stefan Foerster wrote:
> > And while we are at it, one more question, slightly unrelated:
> > draft-dukhovni-dane-ops-01 does not mention MSAs. Is it commonly
> > expected that user agents will not support TLSA RRs?
>
> You should be

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-18 Thread Viktor Dukhovni
On Wed, Sep 18, 2013 at 05:49:53PM +0200, Stefan Foerster wrote:
> I noticed that posttls-finger is not part of any upstream source I
> could find, leading me to github - is that intentional?

It is inaccurate. The posttls-finger utility has been included in Postfix snapshots since postfix-2.11-2

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-18 Thread Stefan Foerster
* Viktor Dukhovni :
> I ran posttls-finger from my laptop, and got: [...]
> So you're all set.

Thanks for taking the time to do this, I appreciate it. I noticed that posttls-finger is not part of any upstream source I could find, leading me to github - is that intentional?

Stefan

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-18 Thread Viktor Dukhovni
On Wed, Sep 18, 2013 at 03:27:14PM +0200, Stefan Foerster wrote:
> I'm not sure if this is the right place to ask, so if it's not, feel
> free to tell me.

This is Postfix related.

> I configured DANE TLSA RRs for incertum.net, port 25 a few days ago,
> but until now, the only "test" I could perf

Verification of DANE TLSA MX equivalent RRs

2013-09-18 Thread Stefan Foerster
Hello world, I'm not sure if this is the right place to ask, so if it's not, feel free to tell me. I configured DANE TLSA RRs for incertum.net, port 25 a few days ago, but until now, the only "test" I could perform was bootstrapping a recent Postfix snapshot and the latest OpenSSL and send myself