I'm not aware of any major application which uses CERT records. -Ekr
On Sun, Jun 26, 2022 at 6:41 AM Robert Moskowitz <rgm-...@htt-consult.com> wrote: > Ah, RFC 6944... > > Yes, not a TLS issue; did not think it was, directly. But I see. > > DIG, dig, dig.. > > On 6/26/22 09:32, Robert Moskowitz wrote: > > Kind of thought so. > > So where do I ask where CERT records are being used? > > thanks > > On 6/26/22 09:22, Eric Rescorla wrote: > > Well, this really isn't a question for the TLS WG as DANE is external to > TLS. > > With that said, ISTM that the primary purpose of DANE is to indicate which > certificates are acceptable rather than to convey them, as TLS already > knows how to convey them. > > -Ekr > > > On Sun, Jun 26, 2022 at 5:05 AM Robert Moskowitz <rgm-...@htt-consult.com> > wrote: > >> Recently I have been in a discussion about DNS RR that hold X.509 >> certificates. >> >> I am asking this here, as I *Think* there may be some knowledge here >> without me joining other lists... >> >> I was aware of DANE's rfc6698 that holds both X.509 certs or >> SubjectPublicKeyInfo. >> >> But I was pointed at rfc4398 Which does NOT handle >> SubjectPublicKeyInfo, but handles X.509 and other formats. >> >> Interesting that they both end in '98' and this is way after Jon was >> around seeing to how RFC numbers were assigned :) >> >> What was the deciding point not to use 4398 for DANE? (and now DANCE) >> >> What is 4398 currently used for? Why was it not just updated to add >> SubjectPublicKeyInfo rather than add a new RR? >> >> And then there is rfc7250 which references 6698... >> >> Thank you. >> >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >> > > > _______________________________________________ > TLS mailing listTLS@ietf.orghttps://www.ietf.org/mailman/listinfo/tls > > >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
