On 16/04/15 19:28, Stephen Farrell wrote:
>>> - 2.2, Could "authenticated" here mean mutually authenticated
>>> with TLS client certs? If not, maybe say so. (And for the
>>> last sentence before 2.2.1, what about the client cert names
>>> - what's done with those?)
>>
>> There is no protocol for specifying mutual authentication until
>> someone (I volunteered) writes the DANE draft for locating client
>> TLSA RRs and how that works for SMTP. Some of the signaling
>> (client -> server: please check for my TLSA records) will be
>> application protocol specific.
>
> Could be worth saying that mutually authenticated TLS is out
> of scope so servers SHOULD (or MUST) NOT send a certificate
> request.

This seems excessive; one could not then use both DANE/SMTP and some
future specification for authenticating the client. Surely "out of
scope" is sufficient?

--
Jeremy
