Oh, also, 6.1 is incorrectly titled :-)
On 25 September 2012 16:00, Ben Laurie <[email protected]> wrote: > On 25 September 2012 15:44, Henry Story <[email protected]> wrote: >> What I don't understand yet looking at draft-hoffman-dane-smime, is what >> key is going to be placed in DNS. Is it the signing key? The key that will >> sign the certificates? If so that could indeed be worthwhile putting in DNS. >> ( Though one could just as easily put that in http space ). If it is to put >> the client certificates themselves in DNS, then that seems much less of a >> good idea. > > Its pretty clear it could be either of those, though I have to say the > I-D doesn't really work properly in this respect. > > It inherits the Certificate Usage field from 6698 - but 6698 > references TLS and TLS servers and things like that. I fear the I-D > really needs to redefine the usages in an S/MIME context. _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
