From 60d7e5bae130e7b7536b54dddfdfa74dcfa6b018 Mon Sep 17 00:00:00 2001 From: Dennis Baaten Date: Mon, 20 May 2019 16:49:27 +0200 Subject: [PATCH] Updated DANE for SMTP how to (markdown) --- DANE-for-SMTP-how-to.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DANE-for-SMTP-how-to.md b/DANE-for-SMTP-how-to.md index aece966..50a2ec3 100644 --- a/DANE-for-SMTP-how-to.md +++ b/DANE-for-SMTP-how-to.md @@ -20,7 +20,7 @@ Because it is important that there is always a valid TLSA record to make sure ma * Current + next. This roll-over scheme provides two TLSA records per mail server. One with the fingerprint of the current mail server's certificate (usage type 3), and another with the fingerprint of the future mail server's certificate (usage type 3). The latter can, for example, be determined by using a Certificate Signing Request (CSR). * Current + issuer. This roll-over scheme provides two TLSA records per mail server. One with the fingerprint of the current mail server's certificate (usage type 3), and another with the fingerprint of a certificate within the current mail server's certificate chain of trust; an intermediate or root certificate. -# Tips and tricks for implementation +# Tips, tricks and notices for implementation This section describes several pionts for attention when implementing DANE for SMTP. * Purchasing of expensive certificates for mail server has no to little added value for the confidentiality since mail server don't validate certificates by default. Depending on the context there can be other advantages which makes organizations decide to use specific certificates.
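Review bot: The context line directly under the renamed heading still reads "several pionts for attention"; since this commit already touches the heading, correct "pionts" to "points" in the same change. The first bullet under it has similar slips ("for mail server", "has no to little added value", "mail server don't validate") and would read better as "for mail servers", "has little to no added value" and "mail servers don't validate". In the "Current + issuer" context bullet, the second TLSA record is described without a usage type, while every other record in these two bullets is labelled "usage type 3"; a record that pins an intermediate or root certificate is a trust-anchor record (usage type 2), and stating that would keep readers from publishing the issuer fingerprint under type 3, where it would never match the server's own certificate. Renaming the heading to "Tips, tricks and notices for implementation" also changes its generated anchor, so check whether any page links to the old heading.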