On 16/04/15 20:36, Jeremy Harris wrote:
> On 16/04/15 19:28, Stephen Farrell wrote:
>>>> - 2.2, Could "authenticated" here mean mutually authenticated
>>>> with TLS client certs? If not, maybe say so. (And for the
>>>> last sentence before 2.2.1, what about the client cert names
>>>> - what's done with those?)
>>>
>>> There is no protocol for specifying mutual authentication until
>>> someone (I volunteered) writes the DANE draft for locating client
>>> TLSA RRs and how that works for SMTP. Some of the signaling
>>> (client -> server: please check for my TLSA records) will be
>>> application protocol specific.
>>
>> Could be worth saying that mutually authenticated TLS is out
>> of scope so servers SHOULD (or MUST) NOT send a certificate
>> request.
>
> This seems excessive; one could not then use both DANE/SMTP
> and some future specification for authenticating the client.
> Surely "out of scope" is sufficient?

Fair enough. That'd be fine by me. (And bear in mind this
was just offered as a LC comment, not blocking in any way.)

Cheers,
S.
