Would it be easier or harder, instead of adding a new SNI RRtype, to use DANE TLSA records to identify the server's cert or key, and use a variation of TLS SNI to request the cert by digest instead of by name?
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Hebrides, Bailey: West backing southwest 6 to gale 8. Rough or very rough, becoming high later in west Bailey. Showers, then rain later. Good, occasionally poor.