Technically speaking dane verification is totally on client side, as a server owner you can put tlsa record on any service which rely on tls and any port, there was attempt even to introduce it in https (firefox had plugin for verification), but due to low level of dnssec spreading (as some tlds still fail to add ability for it, as well as domain owners not interested in enabling it even when they can). Don't need to forget about complexity in operation on dns changes on cert rotation or requirements to reuse same private key to not rotate tlsa I think it not get supported in other protocols and just CA trust is used.
-- *Best Regards,* Dmitriy Alekseev DevOps Engineer On Sat, 7 Feb 2026, 13:10 Byunghee HWANG (황병희) via Postfix-users, < [email protected]> wrote: > (sorry for late) > > "Byunghee HWANG via Postfix-users" <[email protected]> > writes: > > > (...) > > May i use 587 port with DANE? > > Wietse: > Just i wanted to know the limits of DANE. Thank you for your kind reply. > > Viktor: > I'll try the method you suggested someday. Thank you so much. Special > thanks to DANE and TLS. > > > Sincerely, > _______________________________________________ > Postfix-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
