"John Stracke" <[EMAIL PROTECTED]> writes: >>The CERT extension to DNS allows to place there a URI, a URI is smaller > than >>a cert and stays in a udp packet. > > Bootstrap problem: how can you trust the results of the URI?
The URI can contain a hash (fingerprint) of the target data. C.f. TLS extensions document.
