James Cloos:
> Unfortunately unnecessary constraints on the ptr zones are too common to
> support sticking tlsas therein.

James, Viktor,

thanks for the clarification. You mention that the PTR is unusable as a base
for a TLSA lookup. You suggest using the HELO name in SMTP, for example.
I can speak only about SMTP, but here I don't see a real difference.
Hosts with perfect double DNS mostly also use a corresponding HELO name,
while hosts without it mostly also lack the matching HELO name.
(my feeling, no detailed statistics...)
_$PROTO._clientauth.$CLAIMED_NAME
I like the phrase CLAIMED_NAME, but I see no benefit
in using 'smtp' as $PROTO vs. the numeric port number?
Back to the first: taking the CLAIMED_NAME as the base to build a DNS label
leaves options open as to how the server has to construct the label.
Simply using a PTR *may* be an option, but it doesn't have to be the only one.
To get the client's CLAIMED_NAME, a server has multiple choices with
different weights.
Andreas
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane