On Fri, May 30, 2014 at 07:28:40PM +0000, Viktor Dukhovni wrote:
> On Fri, May 30, 2014 at 03:02:22PM -0400, James Cloos wrote:
> 
> > A 3 0 0 tlsa will work as well as a 3 1 x.  The client can pull the spki
> > out on its own.
> 
> Not true.  When the server presents only the SPKI (no certificate
> wrapped around it), the client cannot magically reconstruct the
> enclosing certificate.

Oops, sorry, yes as a special case "3 0 0" still works.  I tend to
block the mtype 0 TLSA RRs from my mind.

So indeed the "oob public key" compatible RRs are:

        3 0 0
        3 1 X

-- 
        Viktor.
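
The matching rule discussed in this message, as an added example that is not part of the original post: a client that receives only a bare SubjectPublicKeyInfo can match "3 1 X" records directly and can match "3 0 0" by cutting the SPKI out of the certificate stored in the record, while "3 0 1" and "3 0 2" cannot be matched. The function names and the sample DER bytes are assumptions constructed for illustration.

```python
import hashlib

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def spki_from_cert(cert):
    """Cut the DER SubjectPublicKeyInfo out of a DER X.509 certificate."""
    _, off, _ = read_tlv(cert, 0)          # enter Certificate
    _, off, _ = read_tlv(cert, off)        # enter tbsCertificate
    tag, _, nxt = read_tlv(cert, off)
    if tag == 0xA0:                        # optional [0] version
        off = nxt
    for _ in range(5):   # serialNumber, signature, issuer, validity, subject
        _, _, off = read_tlv(cert, off)
    return cert[off:read_tlv(cert, off)[2]]

DIGEST = {0: bytes, 1: lambda b: hashlib.sha256(b).digest(),
          2: lambda b: hashlib.sha512(b).digest()}

def matches_raw_key(rr, spki):
    """rr = (usage, selector, mtype, data); spki = key the server presented."""
    usage, selector, mtype, data = rr
    if usage != 3 or mtype not in DIGEST:
        return False
    if selector == 1:                      # 3 1 X: data is derived from the SPKI
        return DIGEST[mtype](spki) == data
    if selector == 0 and mtype == 0:       # 3 0 0: data is the whole certificate
        try:
            return spki_from_cert(data) == spki
        except IndexError:                 # truncated or malformed record data
            return False
    return False                           # 3 0 1 / 3 0 2: digest of a cert we never see

# Constructed sample data (a DER skeleton, not a real key or certificate).
def tlv(tag, value):
    return bytes([tag, len(value)]) + value     # short-form lengths only

ALG = tlv(0x30, bytes.fromhex("06032b6570"))    # Ed25519 AlgorithmIdentifier
SPKI = tlv(0x30, ALG + tlv(0x03, b"\x00" + bytes(range(32))))
TBS = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + ALG
          + tlv(0x30, b"") * 3 + SPKI)          # empty issuer/validity/subject
CERT = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00\xab\xcd"))
```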
