Re: [exim-dev] Propose to Merge: 'dnssec' branch

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Jeremy Harris
CC: exim-dev
Subject: Re: [exim-dev] Propose to Merge: 'dnssec' branch
On 2013-03-24 at 15:24 +0000, Jeremy Harris wrote:
> Any implications for OCSP-stapling involvement?


No. All this affects which identity and which CA will be expected by
the remote side. OCSP provides proof of continuing validity.

> It looks operable. Since it's a new acronym for people to get used to,
> maybe some hint in the syntax (eg "security = dane")? This also
> makes future incompatible options simpler...


Hrm, perhaps.

Note: for most people, the deployment should be "dane", not manual
need_dnssec stuff. This is more plumbing.

[ compression ]
> Send me a pointer; I'll look into it.


I'll see what state it's in.

-Phil