On Mon, 23 Jun 2014, Peter Koch wrote:
> I've read the draft but not any preceding discussion. Publishing (not "authenticating", please) raw keys in the DNS makes a lot of sense IMHO, but it's not obvious to me why the TLSA RR type is the right one. The document does not explain why the expansion of the usage "3" is backwards compatible, i.e., not confusing old clients.

Old clients that did not support bare public keys could not even use TLSA, so how can extending support break older clients?

Paul

_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane
