On 25 September 2012 15:44, Henry Story <[email protected]> wrote: > What I don't understand yet looking at draft-hoffman-dane-smime, is what key > is going to be placed in DNS. Is it the signing key? The key that will sign > the certificates? If so that could indeed be worthwhile putting in DNS. ( > Though one could just as easily put that in http space ). If it is to put the > client certificates themselves in DNS, then that seems much less of a good > idea.
Its pretty clear it could be either of those, though I have to say the I-D doesn't really work properly in this respect. It inherits the Certificate Usage field from 6698 - but 6698 references TLS and TLS servers and things like that. I fear the I-D really needs to redefine the usages in an S/MIME context. _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
