Dan York <[email protected]> wrote:
>
> My comments were reacting largely to Tony's comment about the content of the 
> TLSA record:
>
> > TLS is about authenticating peers. S/MIME is about encryption as well as
> > verifying signatures. So I would expect TLS records to be more about
> > digests of certificates (for brevity) whereas S/MIME records to
> > contain public keys or entire certs.
>
> To me it just seemed that there could be app developer confusion if in
> the one case the TLSA record is a digest of a certificate and in another
> case the TLSA record might be a full certificate.
>
> Having said that, I've now gone back and re-read RFC 6698 and seen
> clearly that this is all covered with the Matching Type field in section
> 2.1.3 and so any "DANE implementation" needs to be able to understand
> both the digest and the full certificate.
>
> So consider my comments withdrawn.... and thanks for the replies that
> forced me to deepen my understanding of the DANE protocol. :-)

I think I agree with Dan. My comments were meant to be thinking out loud
rather than objections as such - just trying to enumerate what the
differences might be between TLSA and SMIMEA, in usage and semantics if
not syntax.

Tony.
-- 
f.anthony.n.finch  <[email protected]>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
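
An added example, not part of the original thread or of any DANE implementation: a matcher that accepts both full-data and digest TLSA records, as the Matching Type field in RFC 6698 section 2.1.3 requires. The function names and the sample bytes are assumptions made for illustration, and the caller is assumed to have already applied the Selector field (full certificate or SubjectPublicKeyInfo) to obtain the DER bytes.

```python
import hashlib
import hmac

# Matching Type values from RFC 6698 section 2.1.3:
# 0 = exact match on the selected content, 1 = SHA-256, 2 = SHA-512.
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}


def parse_tlsa(rdata: str):
    """Parse TLSA presentation format: usage, selector, matching type, hex data."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("TLSA RDATA needs four fields")
    usage, selector, mtype = (int(p) for p in parts[:3])
    # The hex field may be split across several whitespace-separated chunks.
    data = bytes.fromhex("".join(parts[3:]))
    if mtype in DIGESTS and len(data) != DIGESTS[mtype]().digest_size:
        raise ValueError("association data length does not fit matching type")
    return usage, selector, mtype, data


def tlsa_matches(rdata: str, selected: bytes) -> bool:
    """Compare one TLSA record against DER bytes already chosen by the selector."""
    _, _, mtype, data = parse_tlsa(rdata)
    if mtype == 0:
        candidate = selected                      # record carries the full data
    elif mtype in DIGESTS:
        candidate = DIGESTS[mtype](selected).digest()
    else:
        return False                              # unknown type: record is unusable
    return hmac.compare_digest(candidate, data)


# Constructed sample bytes standing in for a DER-encoded certificate.
SAMPLE_DER = b"constructed sample bytes standing in for a DER certificate"

if __name__ == "__main__":
    full = "3 0 0 " + SAMPLE_DER.hex()
    digest = "3 0 1 " + hashlib.sha256(SAMPLE_DER).hexdigest()
    print(tlsa_matches(full, SAMPLE_DER), tlsa_matches(digest, SAMPLE_DER))
```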
