Re: [exim-dev] Propose to Merge: 'dnssec' branch

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Phil Pennock
Data:  
Para: Jeremy Harris
CC: exim-dev
Asunto: Re: [exim-dev] Propose to Merge: 'dnssec' branch
On 2013-03-24 at 15:24 +0000, Jeremy Harris wrote:
> Any implications for OCSP-stapling involvement?


No. All this affects which identity and which CA will be expected by
the remote side. OCSP provides proof of continuing validity.

> It looks operable. Since it's a new acronym for people to get used to,
> maybe some hint in the syntax (eg "security = dane")? This also
> makes future incompatible options simpler...


Hrm, perhaps.

Note: for most people, the deployment should be "dane", not manual
need_dnssec stuff. This is more plumbing.

[ compression ]
> Send me a pointer; I'll look into it.


I'll see what state it's in.

-Phil