Martin Rex <[email protected]> wrote: > > Or the server will have to be able to request from its TLS stack > that the TLS session is established without any certificate > path validation, and the app itself will have to sort out the > mess all by itself, from an unverified client cert chain emitted by TLS. > But that will require a lot of messy cert processing details > in an apps spec, and may require changes to deployed TLS implementations > before it can be used.
These worries don't seem to cause significant problems in practice. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first. _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
