On 11 sep 2012, at 07:03, Jim Schaad <[email protected]> wrote:

> Problem #3 is almost impossible.  It would require that only end-entity
> certificate be listed, and this would mean that either it would be directly
> trusted or one would need to have both an EE certificate and a trust anchor
> listed in the DNS entry.  The capitalization issue would need to be
> addressed as in the previous paragraph, but is harder given that the sender
> may have never seen the mailbox name for the recipient and may be guessing
> at what the string should be if the DNS namespace is not over-populated.

I believe you are somewhat exaggerating this problem. IMHO, the requirements you
list are true but in no way a showstopper and I believe that publishing a
down-cased EE cert would be a very pragmatic and deployable way of doing this.

        jakob

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
