On Thu, Mar 14, 2013 at 11:21:06AM -0800, John Gilmore wrote: > This is a case of "no TLSA records". That's a CNAME record, not a > TLSA record. If the domain admin wanted to put a TLSA record there, > they know how to do that.
Not if there's a CNAME there, they don't. You can't put a TLSA record there if there's a CNAME. > There is nothing magic about the _25._tcp subdomain names. Using > them for a CNAME (or an A record or anything else) does not indicate > a desire to use TLSA records. But if there's a CNAME with a TLSA record at the target, presumably you ought to use that TLSA record. No? A -- Andrew Sullivan [email protected] _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
