Well, this really isn't a question for the TLS WG as DANE is external to TLS.
With that said, ISTM that the primary purpose of DANE is to indicate which certificates are acceptable rather than to convey them, as TLS already knows how to convey them. -Ekr On Sun, Jun 26, 2022 at 5:05 AM Robert Moskowitz <rgm-...@htt-consult.com> wrote: > Recently I have been in a discussion about DNS RR that hold X.509 > certificates. > > I am asking this here, as I *Think* there may be some knowledge here > without me joining other lists... > > I was aware of DANE's rfc6698 that holds both X.509 certs or > SubjectPublicKeyInfo. > > But I was pointed at rfc4398 Which does NOT handle > SubjectPublicKeyInfo, but handles X.509 and other formats. > > Interesting that they both end in '98' and this is way after Jon was > around seeing to how RFC numbers were assigned :) > > What was the deciding point not to use 4398 for DANE? (and now DANCE) > > What is 4398 currently used for? Why was it not just updated to add > SubjectPublicKeyInfo rather than add a new RR? > > And then there is rfc7250 which references 6698... > > Thank you. > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
