Just a thought: It might be simpler to do S/MIME certificate discovery using WebFinger than using DANE. You would just have to do an HTTPS query to a URI of the form...

<https://example.com/.well-known/webfinger?resource=mailto:[email protected]&rel=certificate>

... then parse a JSON object to find the certificate. As opposed to having an appropriately upgraded DNS library, being able to do DNSSEC, and parsing the binary record format.

This process could still benefit from DANE, via TLSA validation on the HTTPS connection. And basically the only documentation you would need would be to define the "certificate" relation type.

Like I said, just a thought.

--Richard
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
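The lookup described in this message, as an added example that is not part of the original post: it builds the WebFinger query URL and picks certificate links out of a constructed JRD reply. The `certificate` rel is the one the message proposes (no specification defines it); the address, the link `type`, the HTTPS-only href rule and the strict subject match are assumptions of this example.

```python
import json
from urllib.parse import urlencode, urlsplit

CERT_REL = "certificate"  # hypothetical rel type proposed in the message


def webfinger_url(email):
    """Build the RFC 7033 query URL on the address's own domain."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % email)
    query = urlencode([("resource", "mailto:" + email), ("rel", CERT_REL)])
    return "https://%s/.well-known/webfinger?%s" % (domain.lower(), query)


def certificate_links(jrd_text, email):
    """Return HTTPS hrefs of certificate links found in a JRD document."""
    jrd = json.loads(jrd_text)
    if not isinstance(jrd, dict):
        raise ValueError("JRD must be a JSON object")
    # Policy of this example: the reply must name the identity we asked for,
    # so a certificate for another subject is never bound to this address.
    if jrd.get("subject") != "mailto:" + email:
        raise ValueError("subject does not match requested resource")
    hrefs = []
    for link in jrd.get("links", []):
        # Servers may ignore the rel filter and return unrelated links.
        if not isinstance(link, dict) or link.get("rel") != CERT_REL:
            continue
        href = link.get("href", "")
        # Assumption: certificates are only fetched over HTTPS.
        if isinstance(href, str) and urlsplit(href).scheme == "https":
            hrefs.append(href)
    return hrefs


# Constructed sample reply; not captured from any real server.
SAMPLE_JRD = """{
  "subject": "mailto:alice@example.com",
  "links": [
    {"rel": "http://webfinger.net/rel/profile-page",
     "href": "https://example.com/~alice"},
    {"rel": "certificate", "type": "application/pkix-cert",
     "href": "https://example.com/certs/alice.cer"},
    {"rel": "certificate", "href": "http://example.com/certs/alice-old.cer"}
  ]
}"""
```

The trust in the returned certificate rests entirely on the HTTPS connection to the domain, which is where the TLSA validation mentioned in the message would apply.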
