On Mon, 24 Mar 2014, Mark Andrews wrote:
> > Site A only publishes SHA1 entries. Would rather do unauthenticated TLS
> > than trust SHA1?
>
> You left out - report and refuse to send until fixed.

No, that's not what the SMTP draft suggests. When DANE is not there,
then servers just fall back to not authenticating a peer's cert, as they
do nowadays.
--
                           |  .''`.       ** Debian **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane