> -----Original Message----- > From: Jakob Schlyter [mailto:[email protected]] > Sent: Tuesday, September 11, 2012 6:26 AM > To: Jim Schaad > Cc: 'IETF DANE WG list' > Subject: Re: [dane] FYI: New Version Notification for draft-hoffman-dane- > smime-04.txt > > On 11 sep 2012, at 07:03, Jim Schaad <[email protected]> wrote: > > > Problem #3 is almost impossible. It would require that only > > end-entity certificate be listed, and this would mean that either it > > would be directly trusted or one would need to have both an EE > > certificate and a trust anchor listed in the DNS entry. The > > capitalization issue would need to be addressed as in the previous > > paragraph, but is harder given that the sender may have never seen the > > mailbox name for the recipient and may be guessing at what the string > should be if the DNS namespace is not over-populated. > > I believe you somewhat exaggerating this problem. IMHO, the requirements > you list are true but in no way a showstopper and I believe that publishing > down-cased EE cert would be a very pragmatic and deployable way of doing > this.
This may or may not be true, however it does not address the question I asked in the mail. Which of the problems is this trying to solve? Jim > > jakob _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
