Hi, what is the intended outcome validating a record TLSA 2 x x, where the specified trust anchor certificate was already revoked by a CA? Does PKIX certification path validation include revocation checks?
RFC 6698 says "The target certificate MUST pass PKIX certification path validation, with any certificate matching the TLSA record considered to be a trust anchor for this certification path validation." Thanks, Christian _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
