19 Jan
2015
19 Jan
'15
1:21 p.m.
Hey.
Am 19.01.2015 12:49, schrieb Wolfgang Breyha:
Postfix doesn't honor 3.1.3 of the latest DANE-SMTP draft then?
It appears not to.
"...SMTP client treatment of TLSA RRs with certificate usages PKIX-TA(0) or PKIX-EE(1) is undefined. SMTP clients should generally treat such TLSA records as unusable."
Note that it says client treatment is undefined. It also says "should", not "SHOULD". However, I don't think the connection should fail one way or the other (the certificate appears to be signed by a proper CA even). See dane-smtp 2.2.
felix