> Historically, self-signed certs have been the norm for SMTP servers
> because the only real value of TLS for SMTP has been encryption in
> transit, not authentication. The adoption of DANE (and its predicate
> DNSSEC) may change this eventually, but that's not soon.

MTA-STS will probably hit more on the valid certificate deal, but it's on the mta-sts record to get the policy. DANE just says this certificate is good; it could be expired, self-signed, et al., as long as it passes the hash.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
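The hash check described in the reply above, as an added example that is not part of the original message: a matcher for TLSA certificate usage 3 (DANE-EE) records, showing that a `3 1 1` pin keeps matching when the same key is reissued with new validity dates, while a `3 0 1` pin does not. The function names are hypothetical, and the "certificates" are constructed, unsigned DER with the X.509 field layout, not real certificates.

```python
import hashlib

def tlv(tag, content):
    """Encode one DER element (short or long length form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def read_tlv(buf, pos):
    """Return (tag, body_offset, end_offset) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: next k bytes hold the length
        k = first & 0x7F
        return tag, pos + k, pos + k + int.from_bytes(buf[pos:pos + k], "big")
    return tag, pos, pos + first

def spki_of(cert_der):
    """Slice the SubjectPublicKeyInfo element out of an X.509 certificate."""
    _, body, _ = read_tlv(cert_der, 0)    # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, body)  # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                       # optional [0] version
        pos = end
    for _field in range(5):               # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)
    return cert_der[pos:end]

def dane_ee_matches(cert_der, selector, mtype, data_hex):
    """TLSA usage 3 match: compares bytes or a digest only, no chain or date check."""
    blob = cert_der if selector == 0 else spki_of(cert_der)
    digest = {0: lambda b: b,
              1: lambda b: hashlib.sha256(b).digest(),
              2: lambda b: hashlib.sha512(b).digest()}[mtype](blob)
    return digest == bytes.fromhex(data_hex)

def fake_cert(not_after, key):
    """Constructed, unsigned DER shaped like a v3 certificate (sample input only)."""
    empty = tlv(0x30, b"")
    validity = tlv(0x30, tlv(0x17, b"200101000000Z") + tlv(0x17, not_after))
    spki = tlv(0x30, empty + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + empty + empty + validity + empty + spki)
    return tlv(0x30, tbs + empty + tlv(0x03, b"\x00"))

EXPIRED = fake_cert(b"210101000000Z", b"K" * 32)    # constructed: notAfter in the past
REISSUED = fake_cert(b"350101000000Z", b"K" * 32)   # constructed: same key, new dates
OTHER_KEY = fake_cert(b"350101000000Z", b"X" * 32)  # constructed: different key
PIN_3_1_1 = hashlib.sha256(spki_of(EXPIRED)).hexdigest()
```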