Warn on OCSP interaction with DANE

author Jeremy Harris <jgh146exb@wizmail.org>

Mon, 1 Sep 2014 13:54:59 +0000 (14:54 +0100)

committer Jeremy Harris <jgh146exb@wizmail.org>

Mon, 1 Sep 2014 13:54:59 +0000 (14:54 +0100)
author Jeremy Harris <jgh146exb@wizmail.org>
Mon, 1 Sep 2014 13:54:59 +0000 (14:54 +0100)
committer Jeremy Harris <jgh146exb@wizmail.org>
Mon, 1 Sep 2014 13:54:59 +0000 (14:54 +0100)
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt

index 28591eaf7085f5fc56d88c65d3beb516eba6540f..769f0229de03171266cee6c9d47a5e1b60a7afa9 100644 (file)
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -1253,7 +1253,9 @@ hosts_request_ocsp includes the string "tls_out_tlsa_usage",
  they are re-expanded in time to control the OCSP request.
  
  This modification of hosts_request_ocsp is only done if
-it has the default value of "*".
+it has the default value of "*".  Admins who change it, and
+those who use hosts_require_ocsp, should consider the interaction
+with DANE in their OCSP settings.
  
  
  For client-side DANE there are two new smtp transport options,
author	Jeremy Harris <jgh146exb@wizmail.org>
	Mon, 1 Sep 2014 13:54:59 +0000 (14:54 +0100)
committer	Jeremy Harris <jgh146exb@wizmail.org>
	Mon, 1 Sep 2014 13:54:59 +0000 (14:54 +0100)