Autor: Phil Pennock Data: A: Jeremy Harris CC: exim-dev Assumpte: Re: [exim-dev] Propose to Merge: 'dnssec' branch
On 2013-03-24 at 15:24 +0000, Jeremy Harris wrote: > Any implications for OCSP-stapling involvement?
No. All this affects which identity and which CA will be expected by
the remote side. OCSP provides proof of continuing validity.
> It looks operable. Since it's a new acronym for people to get used to,
> maybe some hint in the syntax (eg "security = dane")? This also
> makes future incompatible options simpler...
Hrm, perhaps.
Note: for most people, the deployment should be "dane", not manual
need_dnssec stuff. This is more plumbing.
[ compression ] > Send me a pointer; I'll look into it.