> On Apr 28, 2018, at 2:34 PM, Paul Wouters <p...@nohats.ca> wrote:
>
> But more importantly, it does not specify what the extension content
> should be in the absence of a signed TLSA record and not wanting to
> put in the denial of existence. Are you expecting an empty payload?
> A single NULL payload? Or are you expecting the extension should be
> omitted entirely? And what is the expected client behaviour in that case?

The first commit in my pull-request provides a more complete
description of DoE processing.

https://github.com/tlswg/dnssec-chain-extension/pull/14/commits/859b164a5369e8c997713711771cfb3f7d87c90a#diff-bcaaf747fc40b8dd4fe4e10917b518f2L370

Don't know whether the authors have had a chance to take a look.
The present text is IMHO still a bit too skimpy as you note:

https://github.com/tlswg/dnssec-chain-extension/blob/master/draft-ietf-tls-dnssec-chain-extension-08.xml

--
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls