https://bugs.exim.org/show_bug.cgi?id=2704
--- Comment #6 from Simon Arlott <bugzilla.exim.simon@???> ---
>> There doesn't appear to be a way to require DANE if there's a signed TLSA
>> result without also refusing connections when the host lookup is not signed.
>
> You appear to be confused. DANE is *required* when there are signed
> DANE TLSA records.
I'm not confused. I am stating my understanding of the behaviour of Exim based
on Jeremy's comment.
There is a lack of information on when Exim sets the AD flag or how it
interprets responses. What is "TLSA lookup was dnssec" supposed to mean?
--
You are receiving this mail because:
You are on the CC list for the bug.
