> On Apr 12, 2018, at 7:10 PM, Eric Rescorla <e...@rtfm.com> wrote:
> 
> The difficulty here is what the server knows about the client's behavior.
> Specifically, if the server serves TLSA records and then ceases doing so
> without serving authenticated denial of existence, then it is unable to
> determine if this would cause clients to fail because it doesn't know if
> the client implements the text in the final paragraph. One could argue
> that current clients could pin, but that's totally extratextual, as opposed
> to having a noninteroperable behavior in the document.

How exactly does telling the client the truth (conveying correct
DNS state about the TLSA records) harm interoperability???

Please explain the scenario in which something now fails???

-- 
        Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
