Hi folks,

I've taken a stab at putting together some security considerations text for draft-ietf-tls-dnssec-chain-extension that reflects my understanding of the current state of affairs. It's in a pull request at https://github.com/tlswg/dnssec-chain-extension/pull/19 , along with Viktor's commit to update the text about the actual DNS records involved (which as far as I can tell seems to improve the technical accuracy of the text), and also inserting a variable-length array that's reserved for future attempts to mitigate the (now-)documented security considerations.

I'd be interested to hear what aspects people agree with and disagree with, whether on- or off-list.

Thanks,

Ben (with no hats)