It appears that starting a couple of days ago, newly issued/renewed
Let's Encrypt (LE) certificates will be signed by R12, R13, E7 and E8,
rather than the previously active R10, R11, E5 and E6. See the
announcement at:
https://community.letsencrypt.org/t/switching-issuance-to-new-intermediates/240073
and the associated advice on the DANE survey site:
https://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html
Of course everyone who includes LE issuer CA public key or cert hashes
in their TLSA records should already be covered by including all of
R10-R14 and/or E5-E9, but sadly many are not, because the DANE survey
shows that the MX host counts for the various LE CAs are skewed in
favour of the previously active issuers:
    # | CA
------+-----
   63 | X3  -- Long obsolete, should not be used
   12 | X4  -- Long obsolete, should not be used
  370 | R3  -- Long obsolete, should not be used
  119 | R4  -- Long obsolete, should not be used
  116 | E1  -- Long obsolete, should not be used
   91 | E2  -- Long obsolete, should not be used
  773 | E5
  803 | E6
  392 | E7
  391 | E8
  382 | E9
  813 | R10
  806 | R11
  466 | R12
  469 | R13
  462 | R14
  608 | ISRG X1 root
  246 | ISRG X2 root
If you still want to rely on TLSA records tied to the LE issuers, and
haven't published the appropriate full set of hashes, better late than
never. You'll need to do so now. And of course you'll need to keep up
with the news from LE and make additional timely changes in the future
as the CAs used by LE evolve.
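As an added illustration (not Viktor's, Postfix's or Let's Encrypt's code), the following script shows the two halves of the advice above: deriving the "2 1 1" (DANE-TA, SubjectPublicKeyInfo, SHA2-256) TLSA rdata from an issuer CA certificate with a minimal DER walk, and auditing a published TLSA RRset for the full R10-R14 / E5-E9 set so that a site still pinned only to R10/R11 or E5/E6 is flagged. No real Let's Encrypt certificates are embedded; `toy_ca_cert_pem()` builds syntactically valid but unsigned placeholder certificates whose key bytes are constructed from a seed, so the hashes it produces are for demonstration only. In production you would feed the real intermediate PEMs and the RRset fetched from your zone.

```python
"""Added example: compute '2 1 1' TLSA rdata from an issuer CA cert and
check a published TLSA RRset covers every required Let's Encrypt issuer.
Certificates here are constructed placeholders, not real LE intermediates."""
import base64
import hashlib
import re


def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value element (short or long length form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def der_next(buf: bytes, off: int):
    """Return (tag, body_start, body_end) for the DER element at buf[off:]."""
    tag = buf[off]
    length = buf[off + 1]
    pos = off + 2
    if length & 0x80:                      # long form: next N bytes hold the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length


def pem_to_der(pem: str) -> bytes:
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s", "", pem)
    return base64.b64decode(body)


def spki_from_cert(der: bytes) -> bytes:
    """Walk Certificate -> tbsCertificate and return the raw
    SubjectPublicKeyInfo TLV, which is what a selector-1 TLSA hash covers."""
    _, tbs_off, _ = der_next(der, 0)                 # Certificate SEQUENCE
    _, off, _ = der_next(der, tbs_off)               # tbsCertificate SEQUENCE
    tag, _, after_version = der_next(der, off)
    if tag == 0xA0:                                  # optional [0] EXPLICIT version
        off = after_version
    for _ in range(5):                               # serial, signature, issuer, validity, subject
        _, _, off = der_next(der, off)
    _, _, spki_end = der_next(der, off)              # subjectPublicKeyInfo
    return der[off:spki_end]


def tlsa_2_1_1(cert_pem: str) -> str:
    """Rdata for a DANE-TA(2) / SPKI(1) / SHA2-256(1) TLSA record."""
    digest = hashlib.sha256(spki_from_cert(pem_to_der(cert_pem))).hexdigest()
    return f"2 1 1 {digest}"


def missing_issuers(published_rdata, required):
    """published_rdata: TLSA rdata strings found in the zone.
    required: {issuer name: expected rdata}. Returns the issuers with no
    matching record, i.e. the gap the DANE survey counts above reveal."""
    present = {" ".join(r.split()).lower() for r in published_rdata}
    return sorted(n for n, rdata in required.items() if rdata.lower() not in present)


def toy_ca_cert_pem(seed: bytes) -> str:
    """Constructed placeholder certificate (unsigned, key bytes derived from
    `seed`); only its DER structure matters for this example."""
    spki = der_tlv(0x30,
                   der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a8648ce3d0201"))      # id-ecPublicKey
                           + der_tlv(0x06, bytes.fromhex("2a8648ce3d030107")))       # prime256v1
                   + der_tlv(0x03, b"\x00\x04" + hashlib.sha256(seed).digest() * 2))  # point-shaped bits
    empty_name = der_tlv(0x30, b"")
    validity = der_tlv(0x30, der_tlv(0x17, b"250101000000Z") + der_tlv(0x17, b"260101000000Z"))
    sig_alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a8648ce3d040302")))       # ecdsa-with-SHA256
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01")
                  + sig_alg + empty_name + validity + empty_name + spki)
    cert = der_tlv(0x30, tbs + sig_alg + der_tlv(0x03, b"\x00" + b"\x00" * 8))      # dummy signature
    b64 = base64.b64encode(cert).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    issuers = ["R10", "R11", "R12", "R13", "R14", "E5", "E6", "E7", "E8", "E9"]
    required = {n: tlsa_2_1_1(toy_ca_cert_pem(n.encode())) for n in issuers}
    # A zone that only ever published records for the previously active issuers:
    zone = [required["R10"], required["R11"], required["E5"], required["E6"]]
    for name in missing_issuers(zone, required):
        print(f"missing TLSA for {name}: {required[name]}")
```

With real certificates, replace `toy_ca_cert_pem()` with the PEM of each intermediate and `zone` with the rdata from `_25._tcp.<mx-host>` TLSA lookups; any issuer the script reports missing is one that will break DANE validation for your MX the moment LE issues your next certificate from it.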
--
Viktor. 🇺🇦 Glory to Ukraine!
_______________________________________________
Postfix-users mailing list -- [email protected]