ietf-smtp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4

2020-03-03 12:26:19
from [Alessandro Vesely] [Permanent Link] 
On Tue 03/Mar/2020 14:50:14 +0100 Дилян Палаузов wrote:

Hello,

on a very short notice, Let’s Encrypt revokes its certificates with the 
message below.  This effectively means to start
and complete TLSA/DANE/DNSSEC certificate rollover within 24h.



If timely renewal works, everything should keep on working smoothly.



Is this possible in general, when the DNS TTL on its own is 24h?  Do I 
understand something wrong, stating  that this
mass revokation is just bad for DANE+SMTP?



How about shortening the TTL right now?



What is the right way to mass revoke certificates involved in DANE?



I think you can always get new certificates, add new TLSA records, and swap
certificates right before revocation, hoping the new records will have
propagated by then.


hth
Ale
-- 
































_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4, Дилян Палаузов
Next by Date:  Re: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4, Russ Allbery
Previous by Thread:  [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4, Дилян Палаузов
Next by Thread:  Re: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4, John Levine
Indexes:  [Date] [Thread] [Top] [All Lists]