On Fri, Apr 03, 2026 at 03:04:06PM +0200, Paul van der Vlis via Postfix-users
wrote:
> There is certainly something to criticize about your domain, isn't there? No
> DMARC or SPF policy, and you support ciphers like ADH-AES256-GCM-SHA384 that
> are no longer secure.
The lack of DMARC and SPF is quite deliberate, and aligns well with my
threat model. And See section 8.1 of RFC7672 for the reason why ADH
ciphers are supported with TLS 1.2. Some day I might publish a
specification for a null-certifiacate type with TLS 1.3, but poking
that hornet's hasn't yet been a priority.
> I think it's correct that you don't get 100% ;-)
You're of cours free to apply your criteria to your own domains.
Assuming that your threat model and risk analysis is universally
applicable seems unwise.
I am also free to question the universality of "internet.nl"'s choices.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
