New tools in Postfix 3.1-20160207
It will soon (when 3.1 is released this month) be much easier to manage your certificates and TLSA records with Postfix:
http://www.postfix.org/TLS_README.html#built-in
http://www.postfix.org/postfix-tls.1.html
This only supports DANE-EE(3) "3 1 1" TLSA records at present, but should simplify interaction with Let's Encrypt by generating the CSR for you, and separates creation of keys/certs from deployment, giving you the opportunity to update the TLSA records first, let the old records expire from secondary nameservers and caches and then deploy...
Dear Colleagues,
Thanks for all information. fyi, currently we are still in progress for pandi.id security development initial stage.as .id registry.
Cheers, /tap Sent from [ProtonMail](https://protonmail.ch), encrypted email based in Switzerland.
-------- Original Message -------- Subject: New tools in Postfix 3.1-20160207 Local Time: February 8, 2016 9:39 am UTC Time: February 8, 2016 2:39 AM From: ietf-dane@dukhovni.org To: dane-users@sys4.de
It will soon (when 3.1 is released this month) be much easier to manage your certificates and TLSA records with Postfix:
http://www.postfix.org/TLS_README.html#built-in
http://www.postfix.org/postfix-tls.1.html
This only supports DANE-EE(3) "3 1 1" TLSA records at present, but should simplify interaction with Let's Encrypt by generating the CSR for you, and separates creation of keys/certs from deployment, giving you the opportunity to update the TLSA records first, let the old records expire from secondary nameservers and caches and then deploy...
-- Viktor.
participants (2)
-
TAP-{R&D} -
Viktor Dukhovni