Bug 1254878 - [RFE] Add DANE support
[RFE] Add DANE support
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: postfix (Show other bugs)
Unspecified Unspecified
low Severity medium
: rc
: ---
Assigned To: Jaroslav Škarvada
: FutureFeature, Rebase
Depends On:
Blocks: 1400961 1472751 1534569
  Show dependency treegraph
Reported: 2015-08-19 03:40 EDT by Frank Büttner
Modified: 2018-03-21 13:44 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Frank Büttner 2015-08-19 03:40:51 EDT
Description of problem:
The postfix version which is included (2.10) don't support DANE aka TLSA.
The support for it was added for 2.11 

Version-Release number of selected component (if applicable):

Will it possible to upgrade it for RHEL 7.2?
Comment 2 Jaroslav Škarvada 2015-08-19 06:01:13 EDT
It's too late for 7.2, but maybe in 7.3. If it is critical for you, please escalate it through support channel.
Comment 3 Jaroslav Škarvada 2015-08-19 10:02:13 EDT
It's too complex for backporting, better (and more safe) is to rebase.
Comment 4 Gary T. Giesen 2016-05-17 04:57:36 EDT
Would love to see it as well, as it can help with MITM TLS downgrade attacks. 2.11 also includes support for multiple recipient delimiter characters (which is a huge win as many sites don't accept the "+" char).
Comment 6 Bjoern 2017-01-04 10:33:40 EST
Why not going to 3.1.* ?
Comment 9 Gary T. Giesen 2018-03-21 13:44:32 EDT
Postfix 2.11 received its final update in January 2018, and the entire 2.x branch is no longer supported upstream. I agree at this point it would probably be better to rebase to 3.2.

Note You need to log in before you can comment on or make changes to this bug.