>>>>> "PW" == Paul Wouters <[email protected]> writes:

PW> If only we had decided not to use protoport prefixing....

What does that have to do with anything? :/

An RR is defined by its wire format. A TLSA RR is still a TLSA RR no
matter where it happens to be in the DNS.

Just like any other RR. Eg:

foo.example.org in ptr bar

is still a PTR RR. No matter how unlikely it should be that anyone
might dig(1) it.

It occurs to me that what we really need is a spec for how to find *any*
tls cert association to a label which looks like an email address. Ie,
has a right-hand-part which looks like -- and can be looked up like --
a hostname, a left-hand-part which is constrained only by length and an
ascii '@' separating the two. This covers all of the typical client
certs, whether for interacting with a TLS server, email, code-signing
or anything else which might use email-like labeling.

An smime-specific draft could then reference the more general spec.

We'd need to specify something more general than _smimecert.

And it shouldn't have 'client' in the name, either. There is no reason
to presume that a foo@bar label implies the concept of 'client'.

Maybe '_at'? That would make my primary email address look like:

mnwg633t._at.jhcloos.com

Nice, generic, and suitable for all such usage.

-JimC
--
James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane