On Wed, Jan 30, 2013 at 9:11 AM, Marc Lampo <[email protected]> wrote:
> Hello,
> If a correct TLSA record for a domain would mean
> there is no warning to the user about: cannot verify certificate
> I'm a bit concerned about the value 3 for "Certificate Usage"!
[...]
> But since domain registration can be quite anonymous
> doesn't this mean that anybody could, if support for TLSA is widespread,
> create https websites that do not cause warning messages to users.
> To me it seems that anybody could, kind of, produce his own identity card?

That's how DNS is, anybody may register a domain (i.e. create an ID).
I'd interpret the value 3 as the ability, for one who registered a DNS
domain, to prove that it is the same person as the one who operates
the web server.

regards,
Nikos
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
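The check a client performs for Certificate Usage 3, as an added example that is not part of either post and not code from any DANE implementation: the TLSA record is compared with the certificate the server presented, with no CA chain involved, so a match says only that whoever controls the DNSSEC-signed zone published that certificate or key. The names TLSA, association_matches and usage3_accepts are hypothetical, the certificate and key bytes are constructed placeholders rather than real DER, and the caller is assumed to have extracted the SubjectPublicKeyInfo and the DNSSEC validation status already.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class TLSA:
    usage: int     # 3 = domain-issued certificate (RFC 6698)
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes    # certificate association data from the record

def association_matches(rec, cert_der, spki_der):
    """Apply the record's selector and matching type to the presented cert."""
    selected = {0: cert_der, 1: spki_der}.get(rec.selector)
    if selected is None:
        return False                      # unknown selector: unusable record
    if rec.mtype == 0:
        return selected == rec.data
    if rec.mtype == 1:
        return hashlib.sha256(selected).digest() == rec.data
    if rec.mtype == 2:
        return hashlib.sha512(selected).digest() == rec.data
    return False                          # unknown matching type

def usage3_accepts(records, dnssec_secure, cert_der, spki_der):
    """True if a usage-3 record vouches for the presented certificate.

    Usages 0-2 also involve certificate path validation, which is not
    modelled here, so records with those usages are ignored.
    """
    if not dnssec_secure:
        return False                      # unsigned or bogus answers prove nothing
    return any(r.usage == 3 and association_matches(r, cert_der, spki_der)
               for r in records)

# Constructed sample input: placeholder bytes standing in for a self-signed
# certificate and its public key, plus a "3 1 1" record pinning that key.
CERT_DER = b"constructed-self-signed-certificate"
SPKI_DER = b"constructed-subject-public-key-info"
OTHER_SPKI = b"constructed-key-of-a-different-server"
RECORD = TLSA(3, 1, 1, hashlib.sha256(SPKI_DER).digest())

if __name__ == "__main__":
    print(usage3_accepts([RECORD], True, CERT_DER, SPKI_DER))     # zone owner's key
    print(usage3_accepts([RECORD], True, CERT_DER, OTHER_SPKI))   # some other key
    print(usage3_accepts([RECORD], False, CERT_DER, SPKI_DER))    # no DNSSEC
```

The result is a statement about the domain name and the key, not about who registered the domain, which is the distinction the reply above draws.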
