From e7f6084e78aa922768eb44e0bceb399828ee8537 Mon Sep 17 00:00:00 2001
From: Dennis Baaten <dennis@baaten.com>
Date: Wed, 13 Jul 2022 16:50:31 +0200
Subject: [PATCH] Update DANE-for-SMTP-how-to.md

---
 DANE-for-SMTP-how-to.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/DANE-for-SMTP-how-to.md b/DANE-for-SMTP-how-to.md
index 7603f61..7707395 100644
--- a/DANE-for-SMTP-how-to.md
+++ b/DANE-for-SMTP-how-to.md
@@ -114,8 +114,8 @@ Note that MTA-STA and DANE can co-exists next to each other. They intentionally
 **Usage**: says something about the type of certificate that is used for this TLSA record.  
 0: PKIX-TA (not recommended / [not used for SMTP](https://tools.ietf.org/html/rfc7672#section-3.1.3))  
 1: PKIX-EE (not recommended / [not used for SMTP](https://tools.ietf.org/html/rfc7672#section-3.1.3))  
-2: DANE-TA: intermediate / root certificate  (recommended)  
-3: DANE-EE: end-entity certificate (also called 'host certificate' or 'server certificate') (recommended)  
+2: DANE-TA: intermediate / root certificate (OK)  
+3: DANE-EE: end-entity certificate (also called 'host certificate' or 'server certificate') (OK)  
 
 **Selector**: this is about the scope of the fingerprint regarding this TLSA record.  
 0: fingerprint with regard to the full certificate  (not recommended / [to be avoided](http://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html))