On Oct 20, 2014, at 8:24 AM, Osterweil, Eric <[email protected]> wrote:
> I think we are all on the same page, and perhaps the text was not clear
> enough?

I'm with Jakob and Viktor: the text is ill-specified. You are inventing a new revocation mechanism without enough semantics for a relying party to use it in a concrete manner. You also don't say how to use your new revocation information when it conflicts with other revocation information for the same keying material, such as CRLs and OCSP staples for the same certificate.

> Maybe it's also possible there was some misunderstanding from the protracted
> email discussion? The revocation discussion (IIRC) really had to do with an
> assertion that TLS did not have revocation needs.

Did anyone assert that? If so, please point it out. People asserted that revocation happens rarely for TLS certificates.

--Paul Hoffman
