[Users] Please consider enabling OCSP stapling, DNSSEC, and/or DANE on www.claws-mail.org

John Scott jscott at posteo.net
Sat Apr 15 15:36:24 UTC 2023


Hi,

Would you please consider enabling OCSP stapling, DNSSEC, and possibly
DANE, at least for the website but possibly for the mail servers and
other external-facing services too? To sum up my argument, OCSP stapling
is the efficient and privacy-friendly way to do revocation checking,
DNSSEC will prevent records from being spoofed and serves to benefit all
domains, and DANE will make TLS downgrade attacks virtually impossible
and allow asserting the authenticity of certificates without depending
on the traditional and problematic certificate authority model.

Please let me know how I can help.

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20230415/eb40d6f0/attachment.sig>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5880 bytes
Desc: not available
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20230415/eb40d6f0/attachment.bin>


More information about the Users mailing list