> On Apr 25, 2018, at 10:02 AM, Willem Toorop <wil...@nlnetlabs.nl> wrote:
>
> If you do, could you please make separate pull requests for denial of
> existence and another one for the lifetime field.

I made a single pull request with two commits, I hope that's OK. The 16-bit field is the second commit, and if that fails to get adopted, then you can use just the first commit.

https://github.com/tlswg/dnssec-chain-extension/pull/14

The text is slightly different from my earlier post based on a revision already staged by the authors which adds a section containing a brief overview of the two types of a denial of existence response. The first commit makes what I think are additional necessary adjustments elsewhere in the document.

It also changes MUST use DANE when TLSA records are present to SHOULD use DANE when TLSA records are present AND "usable". With the protocol subject to downgrade attacks, the MUST does not afford any downgrade resistance. The client may do as it pleases and the server is none the wiser, so MUST does not make sense here.

--
Viktor.

[ Drafting revisions to a document sure forces one to read the fine print in ways that a mere "review" often fails to achieve. :-( ]

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls