Hello,

On 2021-08-08, at 10:25 (UTC-0400), Wietse Venema had the following to say:

: Mono DHS:
: 
: Checking application/pgp-signature: FAILURE

Perhaps  hkps://keyserver.ubuntu.com  might help.

Key servers are the bane of OpenPGP.  I don't own/control the domain of
the email address I am writing under, so there is no way for me to have
DANE records of my public keys in the DNS.

: There is a comment in the function that implements check_xxx_yy_access:
: 
:     /*
:      * Treat an address literal as its own MX server, just like we treat a
:      * name without MX record as its own MX server. There is, however, no
:      * applicable NS server equivalent.
:      */

Basically, all I want is to avoid DNS lookups where they contribute no
new information.  And we certainly do not need those for ⟨address-literal⟩s.

It would appear that  check_helo_a_access  tables indeed provide what
I need.  Its documentation somewhat strays from what the code actually
makes the reader believe, because the former only mentions "IP addresses
for the HELO or EHLO hostname", and not its capability to deal with
⟨address-literal⟩s.  That's an important operational distinction to
make.

There is another comment in  check_server_access()  a little further down,
that reads

    /*
     * If the request is type A or AAAA, fabricate an MX record that points
     * to the domain name itself, and skip name-based access control.
     …

What is "name-based access control", and how does it differ from
what  check_domain_access()  does?


Thanks,
Mono

Attachment: signature.asc
Description: PGP signature
