> Suppose I query a known signed zone:
>
> Q: _25._tcp.mail.example.com. IN TLSA ?
>
> and I receive a signed CNAME referral:
>
> A: _25._tcp.mail.example.com. IN CNAME 3.1.1._tlsa.example.edu.
>
> Is this a case of "no TLSA records" or "no usable TLSA records"?

This is a case of "no TLSA records". That's a CNAME record, not a
TLSA record. If the domain admin wanted to put a TLSA record there,
they know how to do that.

There is nothing magic about the _25._tcp subdomain names. Using
them for a CNAME (or an A record or anything else) does not indicate
a desire to use TLSA records.

John
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane