[ FYI, from postfix-users ]
On Dec 14, 2015, at 2:57 PM, Jacob Hoffman-Andrews jsha@eff.org wrote:
> On 12/14/2015 11:23 AM, Viktor Dukhovni wrote:
>> May I ask for your help in providing configuration guidance to LE users who also plan to publish DANE TLSA records.
>
> I'd be happy to help, but am a little constrained on time. If you've got time, would you mind posting a quick explanation at https://community.letsencrypt.org/c/server-config of why "3 0 1" records are risky with LE certificates, and the alternatives? I think the email below is a good start, and if you prefer not to create an account on our forums I could repost it with permission. I'll then pin the post for some time to make people see it.
Thanks.
https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-r...