FTPS is FTP over TLS :) Yeah, it does STARTTLS instead of jumping straight in, but it's still TLS.
Even supposing there is an example, I don't really see the conflict. The existence of a TLSA record under _port._protocol.example.com doesn't necessarily make any statements about what protocol is running on the indicated port. RFC 6698 says what you do *if* you use TLS, but it doesn't rule out using it for some other protocol. So if your favorite security protocol uses X.509 certificates to authenticate domain names, you can still use it.

There is a risk of swapping out protocols, I guess, if an attacker can, say, run a TLS service with a matching cert on the same port. But that doesn't jump out at me as a terribly likely or terribly damaging scenario.

-- Richard Barnes

On Monday, September 24, 2012 at 4:43 PM, Miek Gieben wrote:

> [ Quoting <[email protected]> in "Re: [dane] Call for
> Adoption: draft..." ]
> > There's a saying that goes, "We'll cross that bridge when we come to it." :)
> >
> > Do you have an example of such a protocol?
>
> uhm... ftps?
>
> Regards,
>
> --
> Miek Gieben http://miek.nl
>
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane
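The naming point made in the message above, as an added example that is not part of the original post or of any DANE implementation: the TLSA owner name is built from port, transport and domain only, so every X.509-based protocol on that port is checked against the same record. The names `tlsa_owner`, `tlsa_matches`, `verify`, `ZONE` and the sample bytes are assumptions made for this sketch.

```python
import hashlib
import hmac

TRANSPORTS = {"tcp", "udp", "sctp"}              # transport labels named in RFC 6698
HASHES = {1: hashlib.sha256, 2: hashlib.sha512}  # matching types 1 and 2


def tlsa_owner(port: int, transport: str, domain: str) -> str:
    """Owner name _port._transport.domain; no application protocol appears in it."""
    if not 0 < port < 65536 or transport not in TRANSPORTS:
        raise ValueError("bad port or transport")
    return f"_{port}._{transport}.{domain.rstrip('.').lower()}."


def tlsa_matches(rdata: bytes, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare one TLSA RDATA (usage, selector, matching type, data) to a cert.

    Only the association data is compared; the chain handling that the usage
    field asks for is out of scope for this sketch.
    """
    if len(rdata) < 4:
        raise ValueError("TLSA RDATA too short")
    usage, selector, mtype, data = rdata[0], rdata[1], rdata[2], rdata[3:]
    selected = {0: cert_der, 1: spki_der}.get(selector)
    if usage > 3 or selected is None or mtype not in (0, 1, 2):
        return False                      # unknown values: record is unusable
    presented = selected if mtype == 0 else HASHES[mtype](selected).digest()
    return hmac.compare_digest(presented, data)


def verify(zone: dict, port: int, transport: str, domain: str,
           cert_der: bytes, spki_der: bytes) -> bool:
    """True if any TLSA record at the owner name matches the presented cert."""
    records = zone.get(tlsa_owner(port, transport, domain), [])
    return any(tlsa_matches(r, cert_der, spki_der) for r in records)


# Constructed sample data: placeholder bytes standing in for DER encodings.
CERT = b"constructed-certificate-der"
SPKI = b"constructed-spki-der"
ZONE = {"_21._tcp.example.com.": [bytes([3, 1, 1]) + hashlib.sha256(SPKI).digest()]}

if __name__ == "__main__":
    # FTP upgraded to TLS and any other X.509-based protocol on port 21
    # resolve to the same owner name, so both are checked against one record.
    print(tlsa_owner(21, "tcp", "example.com"))
    print(verify(ZONE, 21, "tcp", "example.com", CERT, SPKI))
    print(verify(ZONE, 21, "tcp", "example.com", b"other-cert", b"other-spki"))
```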
