Ah, RFC 6944...
Yes, not a TLS issue; did not think it was, directly. But I see.
DIG, dig, dig..
On 6/26/22 09:32, Robert Moskowitz wrote:
Kind of thought so.
So where do I ask where CERT records are being used?
thanks
On 6/26/22 09:22, Eric Rescorla wrote:
Well, this really isn't a question for the TLS WG as DANE is external
to TLS.
With that said, ISTM that the primary purpose of DANE is to indicate
which certificates are acceptable rather than to convey them, as TLS
already knows how to convey them.
-Ekr
On Sun, Jun 26, 2022 at 5:05 AM Robert Moskowitz
<rgm-...@htt-consult.com> wrote:
Recently I have been in a discussion about DNS RRs that hold X.509
certificates.
I am asking this here, as I *Think* there may be some knowledge here
without me joining other lists...
I was aware of DANE's rfc6698 that holds either X.509 certs or
SubjectPublicKeyInfo.
But I was pointed at rfc4398, which does NOT handle
SubjectPublicKeyInfo, but handles X.509 and other formats.
Interesting that they both end in '98' and this is way after Jon was
around seeing to how RFC numbers were assigned :)
What was the deciding point not to use 4398 for DANE? (and now
DANCE)
What is 4398 currently used for? Why was it not just updated to add
SubjectPublicKeyInfo rather than add a new RR?
And then there is rfc7250 which references 6698...
Thank you.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls