19 Jan
2015
19 Jan
'15
1:39 p.m.
On 19/01/15 13:21, Felix Eckhofer wrote:
Note that it says client treatment is undefined. It also says "should", not "SHOULD".
And that makes which difference? ;-)
However, I don't think the connection should fail one way or the other (the certificate appears to be signed by a proper CA even). See dane-smtp 2.2.
I think the TLSA RR should not (or SHOULD NOT?) be used for DANE, but on the other hand the TLS connection should not fail since there is no "usable" TLSA record at all in respect to DANE-SMTP. Right?
Greetings, Wolfgang
--
Wolfgang Breyha wbreyha@gmx.net | http://www.blafasel.at/
Vienna University Computer Center | Austria