Hi, TLS is prone to Man-In-The-Middle attacks with unjustly obtained intermediate certificates (e.g. firewall appliances). The DNSSEC KSK-rollover worked like a charm.
So I suggest to make DANE-TLS mandatory for TLS to prevent Man-In-The-Middle attacks with unjustly obtained intermediate certificates. Regards, Renne _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
