On Fri, 6 Jun 2014, Viktor Dukhovni wrote:
> You'll find that there is little support for RPK formats other than "3 1 X", despite a small number of suggestions to the contrary. A consensus around "3 1 X" is I think a safe bet.
It is not a safe bet. We only need one external requirement, like PCI-DSS or the EV consortium, to start dictating that one has to publish and match a full certificate to get their goodies like a green URL bar. Then you would need a mix of TLSA types to support both the PKIX/CABforum/EV universe and raw public keys. And by not allowing that, or by stating a mixed TLSA RRset means sacrificing raw public keys, the result would force everyone to be stuck with full PKIX validation. In other words, your 'optimization' can be harmful. You're still welcome to code that into your software. But you can't standardize it.

Paul

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
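The disagreement above is about how a verifier should treat a TLSA RRset that mixes selectors, for instance a "3 1 1" (DANE-EE, SPKI, SHA-256) record beside a "3 0 1" (DANE-EE, full certificate, SHA-256) record. The following Python is an added example written for this page; it is not code from either poster or from any DANE implementation. It applies the RFC 6698 matching rules (selector picks the certificate or its SubjectPublicKeyInfo, matching type picks exact/SHA-256/SHA-512) to each record independently, so a mixed RRset is satisfied when any one record matches. The "certificates" and SPKI are constructed byte strings standing in for DER, and only usage 3 is evaluated, since usages 0 to 2 would additionally need PKIX chain validation, which is not modelled here.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# TLSA certificate usage (RFC 6698 section 2.1.1); only DANE-EE(3) is
# evaluated in this example because it needs no PKIX path.
USAGE_DANE_EE = 3
# TLSA selectors (RFC 6698 section 2.1.2)
SEL_FULL_CERT = 0   # Cert(0): the whole DER certificate
SEL_SPKI = 1        # SPKI(1): only the SubjectPublicKeyInfo
# TLSA matching types (RFC 6698 section 2.1.3)
MATCH_EXACT = 0
MATCH_SHA256 = 1
MATCH_SHA512 = 2


@dataclass(frozen=True)
class TLSARecord:
    usage: int
    selector: int
    matching_type: int
    data: bytes


@dataclass(frozen=True)
class EndEntity:
    """What the TLS server presented: the DER certificate and the SPKI
    taken from it. Real code extracts spki from der with an ASN.1 parser;
    here both are opaque constructed byte strings."""
    der: bytes
    spki: bytes


def parse_tlsa(presentation: str) -> TLSARecord:
    """Parse the zone-file form '3 1 1 <hex>' into a TLSARecord."""
    usage, selector, mtype, hexdata = presentation.split(None, 3)
    return TLSARecord(int(usage), int(selector), int(mtype),
                      bytes.fromhex(hexdata.replace(" ", "")))


def digest(matching_type: int, data: bytes) -> Optional[bytes]:
    """Apply the record's matching type to the selected data."""
    if matching_type == MATCH_EXACT:
        return data
    if matching_type == MATCH_SHA256:
        return hashlib.sha256(data).digest()
    if matching_type == MATCH_SHA512:
        return hashlib.sha512(data).digest()
    return None  # unregistered matching type: the record can never match


def record_matches(rec: TLSARecord, ee: EndEntity) -> bool:
    """Evaluate one record on its own terms: its selector decides what is
    compared and its matching type decides how."""
    if rec.usage != USAGE_DANE_EE:
        return False  # usages 0-2 also need PKIX validation, not modelled here
    if rec.selector == SEL_FULL_CERT:
        selected = ee.der
    elif rec.selector == SEL_SPKI:
        selected = ee.spki
    else:
        return False  # unregistered selector: the record can never match
    computed = digest(rec.matching_type, selected)
    return computed is not None and computed == rec.data


def rrset_matches(rrset: List[TLSARecord], ee: EndEntity) -> List[TLSARecord]:
    """A mixed RRset is satisfied when any one record matches; the matching
    records are returned so the caller can see which form carried."""
    return [rec for rec in rrset if record_matches(rec, ee)]


def make_record(usage: int, selector: int, mtype: int, ee: EndEntity) -> str:
    """Publisher-side helper: build the presentation form for an end entity."""
    selected = ee.der if selector == SEL_FULL_CERT else ee.spki
    return f"{usage} {selector} {mtype} {digest(mtype, selected).hex()}"


# Constructed sample data, not real DER: the certificate bytes change on
# reissue while the key (SPKI) stays the same.
SPKI = b"constructed-spki-bytes-for-example"
CERT_V1 = EndEntity(der=b"cert-v1:" + SPKI + b":sig-1", spki=SPKI)
CERT_V2 = EndEntity(der=b"cert-v2:" + SPKI + b":sig-2", spki=SPKI)

# A mixed RRset: an SPKI record ("3 1 1") beside a full-certificate record ("3 0 1").
MIXED_RRSET = [
    parse_tlsa(make_record(USAGE_DANE_EE, SEL_SPKI, MATCH_SHA256, CERT_V1)),
    parse_tlsa(make_record(USAGE_DANE_EE, SEL_FULL_CERT, MATCH_SHA256, CERT_V1)),
]

if __name__ == "__main__":
    for ee, label in ((CERT_V1, "original cert"), (CERT_V2, "reissued cert, same key")):
        hits = rrset_matches(MIXED_RRSET, ee)
        print(label, "->", [(r.usage, r.selector, r.matching_type) for r in hits])
```

Run stand-alone, the original certificate satisfies both records, while the reissued certificate (same key, new DER) satisfies only the "3 1 1" record; the RRset as a whole still matches because each record is judged independently. A verifier that instead refused or collapsed a mixed RRset would lose exactly that property.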
