As mentioned elsewhere, you could just as well have the WebFinger resource
assert a TA for email within the domain.

GET /.well-known/webfinger?resource=mailto:[email protected] HTTP/1.1
Host: example.com

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/jrd+json

{
  "subject" : "mailto:[email protected]",
  "properties" :
  {
      "smime-certificate" : "blob of base64",
      "smime-trust-anchor" : "blob of base64"
  }
}

On Sat, Apr 20, 2013 at 5:03 AM, Leif Johansson <[email protected]> wrote:

>
> > That might be a good way to do certificate discovery, but not really a
> > good way to have a second trust anchor if one wanted to get away from the
> > distributed PKIX hierarchies.
> Exactly.
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane
>