On Sun, 23 Mar 2014, Viktor Dukhovni wrote:
> when the TLSA records are entirely unusable, and in keeping with Tony's original work on the SRV draft, the client reverts to legacy mandatory (practically always unauthenticated) TLS.

That's unfortunate. Perhaps it depends on the definition of "unusable", but if all TLSA records for instance fail the RRSIG validation, I would hope that postfix would abort delivery attempts and definitely _not_ fall back to unauthenticated TLS.

Paul
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
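
The distinction drawn in this exchange, as an added example that is not part of the original messages and is not Postfix code: a client policy that separates a DNSSEC validation failure (abort the attempt) from a validated TLSA RRset in which no record is usable (mandatory TLS without authentication). The status labels, the `SUPPORTED_USAGES` set, the reading of "unusable" as unsupported parameters or a malformed digest length, and the sample records are assumptions made for illustration.

```python
from enum import Enum

class Action(Enum):
    DANE_AUTH = "authenticate against the usable TLSA records"
    UNAUTH_TLS = "mandatory TLS without authentication"
    DEFER = "abort this delivery attempt"
    NO_DANE = "DANE does not apply to this destination"

SUPPORTED_USAGES = {2, 3}     # assumption: client handles DANE-TA(2) and DANE-EE(3)
DIGEST_LEN = {1: 32, 2: 64}   # matching type 1 = SHA2-256, 2 = SHA2-512

def usable(rr):
    """rr = (usage, selector, matching_type, data). Assumed meaning of
    'usable': supported parameters and well-formed association data."""
    usage, selector, mtype, data = rr
    if usage not in SUPPORTED_USAGES or selector not in (0, 1):
        return False
    if mtype == 0:            # full certificate or key: any non-empty value
        return len(data) > 0
    return DIGEST_LEN.get(mtype) == len(data)

def decide(status, rrset):
    """status is the validating resolver's verdict for the TLSA lookup:
    'secure', 'insecure' or 'bogus' (assumed labels)."""
    if status == "bogus":     # e.g. RRSIG validation failed: never downgrade
        return Action.DEFER, []
    if status != "secure" or not rrset:
        return Action.NO_DANE, []
    good = [rr for rr in rrset if usable(rr)]
    if good:
        return Action.DANE_AUTH, good
    return Action.UNAUTH_TLS, []   # validated, but nothing the client can use

# Constructed sample records (digest bytes are zero-filled placeholders).
GOOD = (3, 1, 1, bytes(32))
TRUNCATED = (3, 1, 1, bytes(20))      # wrong length for SHA2-256
UNSUPPORTED = (1, 0, 7, bytes(32))    # usage and matching type not supported

if __name__ == "__main__":
    cases = [("secure", [GOOD, TRUNCATED]),
             ("secure", [TRUNCATED, UNSUPPORTED]),
             ("bogus", [GOOD])]
    for status, rrset in cases:
        action, used = decide(status, rrset)
        print(f"{status:8} {len(rrset)} records -> {action.name} ({len(used)} usable)")
```
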
