On Thu, Jan 14, 2016 at 8:24 PM, John Levine <jo...@taugh.com> wrote:
>
> This doesn't let you alias server certs without also aliasing client
> certs, no idea if that would be a problem in practice. The comments
> in RFC 6698 suggest that aliasing server certs is rarely useful.
>

Just on the last point, I couldn't find where in 6698 it says that about aliases, but RFC 7671 offers two design patterns involving aliases for server TLSA records that might be common - one for virtual hosting, and another to alias many server records to a common DANE-TA issuer. I've already seen quite a number of instances of the latter deployed in the field.

--
Shumon Huque
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop