On Fri, June 6, 2014 03:37, Viktor Dukhovni wrote:
> On Thu, Jun 05, 2014 at 07:13:24PM -0700, John Gilmore wrote:
>> At no point do the TLSA records in a key rollover include only
>> "past/future" keys.  TLS would fail if they did so.
>
> The total set of TLSA RRs indeed always contains present keys when
> the server is not misconfigured.  But there is (today) no guarantee
> that the "3 1 X" subset of the TLSA RRset contains any present
> keys.  I am proposing to document this issue.  We've not yet agreed
> on who's responsible for the work-around (client, server, both).

If a server operator is moving from RPK-only to PKIX-only then they
MUST (with all the necessary TTL considerations for each step):
1. Add support for PKIX on the server and in the TLSA RRs
2. Remove support for RPK in the TLSA RRs
3. Remove support for RPK on the server

In my opinion the server operator is responsible. They also MUST NOT
provide support for RPK unless they have configured SPKI TLSA RRs,
otherwise a PKIX+RPK client will prefer RPK and fail.

-- 
Simon Arlott

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
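A constructed Python model of the failure mode named in the last paragraph above, added here as an example (it is not code from the thread or from any DANE implementation): a client that prefers RPK can only match selector 1 ("3 1 X") records, so a server that still offers RPK while the TLSA RRset carries only a "3 0 1" certificate record fails that client, while a PKIX-only client still validates. The SPKI and certificate bytes, the `Server` class and the state labels are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for a DER SubjectPublicKeyInfo and the certificate carrying it.
SPKI = b"constructed SPKI bytes"
CERT = b"constructed certificate bytes wrapping " + SPKI

def tlsa(usage, selector, data):
    """Build a TLSA RR tuple: (usage, selector, matching type 1 = SHA-256, hex digest)."""
    return (usage, selector, 1, hashlib.sha256(data).hexdigest())

@dataclass
class Server:
    rpk: bool    # will present a raw public key (RFC 7250) if the client offers it
    pkix: bool   # will present an X.509 certificate otherwise

def negotiated(server, client_rpk):
    """A PKIX+RPK client prefers RPK whenever the server offers it; None = no handshake."""
    if server.rpk and client_rpk:
        return "rpk"
    return "pkix" if server.pkix else None

def dane_ee_ok(server, rrset, client_rpk=True):
    """Usage-3 check: only records whose selector fits the presented credential can match."""
    kind = negotiated(server, client_rpk)
    if kind is None:
        return False
    if kind == "rpk":
        presented = {1: SPKI}           # raw key: only "3 1 X" records are usable
    else:
        presented = {0: CERT, 1: SPKI}  # certificate: "3 0 X" or "3 1 X" are usable
    return any(u == 3 and m == 1 and s in presented
               and hashlib.sha256(presented[s]).hexdigest() == d
               for (u, s, m, d) in rrset)

SPKI_RR = tlsa(3, 1, SPKI)   # "3 1 1": matches for RPK and PKIX clients alike
CERT_RR = tlsa(3, 0, CERT)   # "3 0 1": matches for PKIX clients only

# Constructed server/RRset states; the last one is the misconfiguration discussed above.
STATES = {
    "rpk only, SPKI RR":        (Server(rpk=True,  pkix=False), [SPKI_RR]),
    "rpk+pkix, both RRs":       (Server(rpk=True,  pkix=True),  [SPKI_RR, CERT_RR]),
    "pkix only, cert RR":       (Server(rpk=False, pkix=True),  [CERT_RR]),
    "rpk still on, no SPKI RR": (Server(rpk=True,  pkix=True),  [CERT_RR]),
}

def outcomes(client_rpk=True):
    """Validation result per state for a PKIX+RPK client (default) or a PKIX-only client."""
    return {name: dane_ee_ok(srv, rrs, client_rpk) for name, (srv, rrs) in STATES.items()}

if __name__ == "__main__":
    for name, ok in outcomes().items():
        print(f"{name:26s} PKIX+RPK client: {'ok' if ok else 'FAIL'}")
```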
