>>>>> "VD" == Viktor Dukhovni <[email protected]> writes:
VD> Perhaps this has changed:

VD> https://tools.ietf.org/html/draft-ietf-dane-srv-02#section-3.2
VD> https://tools.ietf.org/html/draft-ietf-dane-smtp-01#section-3

VD> Both say that TLS is mandatory when "secure" TLSA records are
VD> present even if unusable!

Not so much changed; the difference is that there wasn't consensus to
do that for tlsa records in general, but Tony, et al. propose that for
those cases which use SRV or MX records.

Other drafts also might propose such for their specific cases.

But in the absence of such a more specific draft or rfc, 6698 on its
own does not specify forcing TLS whenever a validly signed TLSA is
found.

Just another example where different use cases and user communities
have different requirements and expectations, but still benefit from a
common foundation.

-JimC
--
James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
