Going back to the original as I don't think the question was ever answered.
rfc4398 is describing a means of using the DNS as a certificate publication service. It is a replacement for HTTP or LDAP publication. There is no semantic associated with publishing the cert in a domain.

rfc6698 enables publication of assertions in the DNS that make specific claims about the relationship of a certificate to the domain.

These are very separate applications.

On Sun, Jun 26, 2022 at 1:05 PM Robert Moskowitz <rgm-...@htt-consult.com> wrote:

> Recently I have been in a discussion about DNS RR that hold X.509
> certificates.
>
> I am asking this here, as I *Think* there may be some knowledge here
> without me joining other lists...
>
> I was aware of DANE's rfc6698 that holds both X.509 certs or
> SubjectPublicKeyInfo.
>
> But I was pointed at rfc4398 Which does NOT handle
> SubjectPublicKeyInfo, but handles X.509 and other formats.
>
> Interesting that they both end in '98' and this is way after Jon was
> around seeing to how RFC numbers were assigned :)
>
> What was the deciding point not to use 4398 for DANE? (and now DANCE)
>
> What is 4398 currently used for? Why was it not just updated to add
> SubjectPublicKeyInfo rather than add a new RR?
>
> And then there is rfc7250 which references 6698...
>
> Thank you.
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
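The distinction drawn in the reply above, as an added example that is not part of the thread or of either RFC: it parses the two RDATA layouts, showing that a CERT record (RFC 4398) yields only a typed blob while a TLSA record (RFC 6698) yields usage, selector and matching type that a client can check against the certificate a server presents. The function names are hypothetical and the sample bytes are constructed stand-ins for DER data.

```python
# Added example: RDATA layouts per RFC 4398 (CERT) and RFC 6698 (TLSA).
import hashlib
import struct

CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP", 4: "IPKIX", 5: "ISPKI",
              6: "IPGP", 7: "ACPKIX", 8: "IACPKIX", 253: "URI", 254: "OID"}
TLSA_USAGE = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
TLSA_SELECTOR = {0: "Cert", 1: "SPKI"}
TLSA_MATCH = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}


def parse_cert_rdata(rdata: bytes) -> dict:
    """CERT: type(2) | key tag(2) | algorithm(1) | certificate or CRL."""
    if len(rdata) < 5:
        raise ValueError("CERT RDATA shorter than fixed header")
    ctype, key_tag, alg = struct.unpack("!HHB", rdata[:5])
    # Nothing here says how the blob relates to the owner name.
    return {"type": CERT_TYPES.get(ctype, ctype), "key_tag": key_tag,
            "algorithm": alg, "blob": rdata[5:]}


def parse_tlsa_rdata(rdata: bytes) -> dict:
    """TLSA: usage(1) | selector(1) | matching type(1) | association data."""
    if len(rdata) < 4:
        raise ValueError("TLSA RDATA needs 3 header bytes plus data")
    usage, selector, mtype = rdata[:3]
    if (usage not in TLSA_USAGE or selector not in TLSA_SELECTOR
            or mtype not in TLSA_MATCH):
        raise ValueError("unknown TLSA parameter")
    return {"usage": TLSA_USAGE[usage], "selector": TLSA_SELECTOR[selector],
            "matching_type": mtype, "data": rdata[3:]}


def tlsa_matches(tlsa: dict, cert_der: bytes, spki_der: bytes) -> bool:
    """Check the presented cert (or its SPKI) against the TLSA assertion."""
    selected = cert_der if tlsa["selector"] == "Cert" else spki_der
    digest = TLSA_MATCH[tlsa["matching_type"]]
    candidate = digest(selected).digest() if digest else selected
    return candidate == tlsa["data"]


# Constructed stand-ins; a real client takes these from the TLS handshake.
SAMPLE_CERT = b"constructed-certificate-der"
SAMPLE_SPKI = b"constructed-spki-der"
# CERT: PKIX type, key tag and algorithm left at 0, then the certificate.
CERT_RR = struct.pack("!HHB", 1, 0, 0) + SAMPLE_CERT
# TLSA: DANE-EE (3), SPKI selector (1), SHA2-256 matching type (1).
TLSA_RR = bytes([3, 1, 1]) + hashlib.sha256(SAMPLE_SPKI).digest()
```

A TLSA answer is only meaningful to a client when it has been validated with DNSSEC, which this sketch does not cover.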