On Fri, Jan 16, 2015 at 10:41:27AM +0100, Markus Benning wrote:
[ Postfix-specific topic, if you're not a Postfix user, you can safely ignore this sub-thread. ]
Outgoing TLS trust-level
2289 Untrusted
914 Verified
235 Trusted
As far as I understand the docs with tls_security_level=dane it should mean:
Verified - DANE okay (or explicit policy map)
Trusted - CA signed certificate
Untrusted - unknown CA, self-signed...
There's also "Anonymous". As for DANE, if the destination has TLSA records, you'll see "Verified" when it works, and "Untrusted" when it fails.
With the other security levels, you'll sometimes see "Trusted", when the chain is issued by a trusted CA (if you've configured any), but either peer checks fail or authentication is not required ("encrypt" or "may").
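An added example, not part of the original messages: a Python tally of the Postfix SMTP client's "TLS connection established to" log lines by trust level, which also lists destinations that only ever logged "Untrusted" so they can be checked for TLSA records. The log lines are constructed, the function names are this example's own, and the line format assumes smtp_tls_loglevel is 1 or higher.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (made-up hosts, documentation addresses), in the
# shape the Postfix SMTP client logs when smtp_tls_loglevel is 1 or higher.
SAMPLE_LOG = """\
Jan 16 10:01:02 mail postfix/smtp[2101]: Verified TLS connection established to mx.dane-ok.example[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 16 10:01:09 mail postfix/smtp[2102]: Untrusted TLS connection established to mx.selfsigned.example[192.0.2.20]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 16 10:02:30 mail postfix/smtp[2103]: Trusted TLS connection established to mx.ca-signed.example[2001:db8::30]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jan 16 10:03:11 mail postfix/smtp[2104]: Anonymous TLS connection established to mx.anon.example[192.0.2.40]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Jan 16 10:03:40 mail postfix/smtpd[2200]: Anonymous TLS connection established from client.example[198.51.100.7]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Jan 16 10:04:05 mail postfix/smtp[2105]: Verified TLS connection established to mx.dane-ok.example[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 16 10:04:06 mail postfix/smtp[2105]: 3kXyz: to=<user@dane-ok.example>, relay=mx.dane-ok.example[192.0.2.10]:25, status=sent (250 ok)
"""

# Outgoing only: the smtp client logs "... established to", smtpd logs "... from".
OUTBOUND_TLS = re.compile(
    r"/smtp\[\d+\]: (?P<level>Anonymous|Untrusted|Trusted|Verified) "
    r"TLS connection established to (?P<host>[^\[\s]+)\[(?P<addr>[^\]]+)\]:(?P<port>\d+)"
)


def tally(lines):
    """Return (count per trust level, set of destination hosts per level)."""
    counts = Counter()
    hosts = defaultdict(set)
    for line in lines:
        m = OUTBOUND_TLS.search(line)
        if m:
            counts[m["level"]] += 1
            hosts[m["level"]].add(m["host"])
    return counts, hosts


def untrusted_only(hosts):
    """Hosts logged as Untrusted and never Verified: check these for TLSA records."""
    return sorted(hosts["Untrusted"] - hosts["Verified"])


if __name__ == "__main__":
    counts, hosts = tally(SAMPLE_LOG.splitlines())
    for level, n in counts.most_common():
        print(f"{n:6d} {level}")
    print("Untrusted only:", ", ".join(untrusted_only(hosts)))
```
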