DANE: Remove fallback from hosts_try_dane. If TLSA record not retrieved,

do not use this host.
author: Jeremy Harris <jgh146exb@wizmail.org> 2016-04-24 16:53:25 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2016-04-24 16:53:25 +0100
commit: 4b0fe31936b336d12836875101dcac6599d127ee (patch)
tree: 2495b59338f71113b5fbf3b4d2659fc3e709710c /doc/doc-txt/experimental-spec.txt
parent: c035b645ba3549472b9a835b845c2027b16a4cf2 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 4836a7d51..993b5b05c 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -884,18 +884,20 @@ with DANE in their OCSP settings.
 
 
 For client-side DANE there are two new smtp transport options,
-hosts_try_dane and hosts_require_dane.  They do the obvious thing.
+hosts_try_dane and hosts_require_dane.
 [ should they be domain-based rather than host-based? ]
 
+Hosts_require_dane will result in failure if the target host
+is not DNSSEC-secured.
+
 DANE will only be usable if the target host has DNSSEC-secured
 MX, A and TLSA records.
 
 A TLSA lookup will be done if either of the above options match
 and the host-lookup succeded using dnssec.
 If a TLSA lookup is done and succeeds, a DANE-verified TLS connection
-will be required for the host.
-
-(TODO: specify when fallback happens vs. when the host is not used)
+will be required for the host.  If it does not, the host will not
+be used; there is no fallback to non-DANE or non-TLS.
 
 If DANE is requested and useable (see above) the following transport
 options are ignored:
author	Jeremy Harris <jgh146exb@wizmail.org>	2016-04-24 16:53:25 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2016-04-24 16:53:25 +0100
commit	4b0fe31936b336d12836875101dcac6599d127ee (patch)
tree	2495b59338f71113b5fbf3b4d2659fc3e709710c /doc/doc-txt/experimental-spec.txt
parent	c035b645ba3549472b9a835b845c2027b16a4cf2 (diff)