28 Jul 2015, 3:34 p.m.
Mark Elkins <mje@posix.co.za> writes:
> For email - you need a TLSA 311 Certificate.
Care to explain why? I am sure I'm missing something here, but this isn't obvious to me.
And does "email" mean SMTP or POP/IMAP or all of them?
Until now I've just used the same private self-signed CA certificate for all services, and just created aliases to a common TLSA 2 0 1 record. This appeared to work fine, but then again: I don't know how I would detect a failure... There aren't that many validating email clients out there.
How do you test and validate TLSA records for SMTP, POP and IMAP?
Bjørn