On Jan 6, 2021, at 1:19 PM, Paul Wouters <p...@nohats.ca> wrote:

> Remember also that TLS ciphers are negotiated.

A better analogy might be "although TLS key exchange and encryption ciphers are negotiated, the signing algorithm on the server's certificate is not negotiated". DNSSEC signing is much more akin to the latter, I think.

> There is no negotiation
> in DNSSEC.

Quite right, just as there is no negotiation for the authentication in TLS.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop