On 25 September 2012 23:32, Paul Hoffman <[email protected]> wrote:
> On Sep 25, 2012, at 12:06 PM, Dan York <[email protected]> wrote:
>
>> BUT... to Tony's last point, are we in fact making it *harder* for
>> developers by overloading the TLSA RRtype with different types of content?
>
> No, because the types of content are identical.

They are not, as I just pointed out in the other thread.

>> Or is that adequately addressed by having the second left-most label in the
>> domain name (ex. "_smimecert") be the way that a developer would know what
>> is in the TLSA RR and therefore how it should be processed?
>
> That's not content, that's the request you used to get the content.
>
> As Ben pointed out earlier, we need to make a few changes saying "where DANE
> talks about a chain sent by the server, this document is talking about a
> chain sent by the other party". But the contents are the same.

You could argue that all RRs merely contain bytes, so their contents
are "the same". If they mean different things, then they're not
_really_ the same. It could be that TLSA could be redrafted to fix
this problem.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
