On 2018-09-13 at 16:30 +0300, Vladimir Dubrovin via mailop wrote:
> For opportunistic TLS, there is no difference between certificate signed
> by CA and self-signed certificate (or even unsigned), because
> certificate is usually not validated. Certificate validation is useless
> here, because opportunistic TLS falls back to cleartext anyway.
>
> For DANE, again there is no difference, because certificate is pinned
> via DNS.
There are two modes with DANE in SMTP.

Usage 3, the certificate is pinned. (DANE-EE, End-Entity)
Usage 2, the CA certificate is pinned, and so you need to provide the trust chain back to the anchored CA. (DANE-TA, Trust-Anchor)

Whether to use DANE-EE or DANE-TA is a local decision; there are various opinions online (aren't there always) but really it boils down to how integrated DNS editing is to your mail-server workflow and whether or not you want to set up pre-staging of certificates before actually serving them, then only put them live later.

I like to keep life simple, and to use the certificates as soon as they're issued; I publish DANE-TA records, using Let's Encrypt anchors. If there's an LE CA certificate roll which changes the public keys, then I need to pay attention to the warnings online and update the DNS records, but otherwise DNS is unchanged when the certificates are issued. DANE-TA/SPKI means that if there's another cert reissuance using the same private/public keypair (as done for Let's Encrypt X1/X2 -> X3/X4) then I don't need to care.

(RFC 7218 for the terminology)

-Phil
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
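The usage/selector distinction discussed in the message above, as an added example that is not part of the original post or of any mailop member's code: it derives TLSA RDATA for DANE-TA (2 1 1) and DANE-EE (3 1 1) from DER certificates and shows why an SPKI record (selector 1) still matches after a reissuance under the same keypair while a full-certificate record (selector 0) does not. The certificates, the `mx.example.test` name and the key bytes are constructed placeholders, not real Let's Encrypt material; only the standard library is used.

```python
import hashlib
def _tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER TLV starting at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_der(cert_der):
    """Extract the SubjectPublicKeyInfo TLV (TLSA selector 1) from an X.509 DER certificate."""
    _, tbs_pos, _ = _tlv(cert_der, 0)                          # Certificate SEQUENCE
    _, pos, end = _tlv(cert_der, tbs_pos)                      # tbsCertificate SEQUENCE
    fields = []
    while pos < end:                                           # top-level tbsCertificate fields
        tag, _, nxt = _tlv(cert_der, pos)
        fields.append((tag, pos, nxt))
        pos = nxt
    if fields[0][0] == 0xA0:                                   # skip optional [0] EXPLICIT version
        fields.pop(0)
    _, start, stop = fields[5]  # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return cert_der[start:stop]

def tlsa_rdata(cert_der, usage, selector):
    """TLSA RDATA 'usage selector matching data' (RFC 6698) with matching type 1 (SHA-256)."""
    data = cert_der if selector == 0 else spki_der(cert_der)   # selector 0 = full cert, 1 = SPKI
    return f"{usage} {selector} 1 {hashlib.sha256(data).hexdigest()}"

def _der(tag, content):  # DER TLV encoder, used only to build the constructed sample certs
    n = len(content)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + content
SIG_ALG = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + _der(0x05, b""))  # sha256WithRSAEncryption

def constructed_cert(serial, not_before, key_bytes):
    """Constructed, unsigned but structurally valid X.509 DER cert; key_bytes stands in for real key material."""
    spki = _der(0x30, _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))  # rsaEncryption
                + _der(0x03, b"\x00" + key_bytes))
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, bytes([serial])) + SIG_ALG + _der(0x30, b"")
           + _der(0x30, _der(0x17, not_before) + _der(0x17, b"380101000000Z")) + _der(0x30, b"") + spki)
    return _der(0x30, _der(0x30, tbs) + SIG_ALG + _der(0x03, b"\x00" * 17))     # dummy signature bits

# Constructed sample: a CA cert, and an EE cert reissued under the same keypair (cf. LE X1/X2 -> X3/X4).
CA_CERT = constructed_cert(1, b"160101000000Z", b"\xca" * 32)
EE_OLD = constructed_cert(2, b"180101000000Z", b"\xee" * 32)
EE_NEW = constructed_cert(3, b"180901000000Z", b"\xee" * 32)
if __name__ == "__main__":
    print("_25._tcp.mx.example.test. IN TLSA", tlsa_rdata(CA_CERT, 2, 1))   # DANE-TA: pin the CA's SPKI
    print("_25._tcp.mx.example.test. IN TLSA", tlsa_rdata(EE_OLD, 3, 1))    # DANE-EE: pin the EE cert's SPKI
    print("3 0 1 still matches:", tlsa_rdata(EE_OLD, 3, 0) == tlsa_rdata(EE_NEW, 3, 0))  # False: cert bytes changed
    print("3 1 1 still matches:", tlsa_rdata(EE_OLD, 3, 1) == tlsa_rdata(EE_NEW, 3, 1))  # True: same public key
```

Pointing `spki_der` at a real DER certificate (for DANE-TA, the issuing CA's certificate rather than the leaf) yields the same hex a `2 1 1` or `3 1 1` record would carry.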