On Mon, Nov 05, 2018 at 02:37:26PM +0000, Salz, Rich wrote:
> Is it fair to describe the draft as enabling a trust model based on DNSSEC,
> rather than the default X.509 hierarchy and trust store which is implemented
> by default?
>
> Please try very hard to keep the answer brief.

In my mind that's one of the things it could do, but need not be the only one.
In https://www.ietf.org/mail-archive/web/tls/current/msg27088.html I tried to
consider the possibility for clients that currently default to the X.509
hierarchy but also clients that use opportunistic TLS or other default
behaviors. The analysis of the security properties of adding DANE depends on
what we use as a starting point.

-Ben