>>>>> "VD" == Viktor Dukhovni <[email protected]> writes:
VD> * In Publisher Operational considerations again mention the need
VD> to avoid PKIX-TA/PKIX-EE

Do mention that the reason is that most MXs do not configure the OS's CA
suite by default, and most operators leave that as is. I.e., that it is
not a fundamental limitation of SMTP but rather a nearly ubiquitous
reality of how they are configured for port 25.

VD> * In Publisher Operational considerations note that DANE TLSA and
VD> MTAs that only offer STARTTLS selectively (e.g. to clients that
VD> pass greylisting) don't mix.

+inf on that!

VD> * Note that some software cannot send root trust-anchors, if so
VD> the server TLSA records need to list an intermediate CA or use
VD> DANE-EE(3).

Also helpful.

VD> * In section 3.1.3 note that the SHOULD NOT for PKIX-TA/PKIX-EE
VD> applies only to MTA-to-MTA SMTP, and MUA-to-MSA is not in scope.

VD> Should I add these to -15 before IETF LC?

+1.

-JimC
-- 
James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
