+1 on adopting. As for the draft, do we really need a new RR?
If the content is the same as TLSA, just with a different naming scheme, why not just use TLSA?

TLSA ought to be specified as suitable for anchoring any x.509-style cert or cert chain in the dns. Perhaps TLSA should have been called X509A?

A requirement to update dns software for every new use case might be an excessive burden on the community.

Re-using TLSA for smime means that the only type of software (with existing TLSA support) which would need updates would be DANE-specific software like swede which would need an update anyway to generate and verify associations on the new name. (Smime consumers, of course, will need an update no matter what the RR is called.)

(It certainly never occurred to me that more RRs would be proposed for associations to 509-style certs. I envisioned a risk of another RR for, eg, associations to OpenPGP certs, but not for other applications of the 509-style ones.)

(That said, if the consensus here and at dnsext is for a new RR, then I'll join that consensus.)

-JimC
--
James Cloos <[email protected]>
OpenPGP: 1024D/ED7DAEA6
