On Sun, 26 Apr 2015, Chris Monteiro wrote:
> Great, it looks like the proposed standard for hardening SMTP/TLS could be repurposed for either http(s) or arbitrary ports as per my proposal, no?
There is nothing left to harden. The presence of TLSA means: never go to the insecure port. I tried to get this meaning into the original TLSA spec, and there was resistance to it. It was sidetracked into the HASTLS record, which never saw the light. I'm not sure if the DANE OPS (SRV) draft clarifies this, but any sane client implementation of TLSA should really assume this.

Paul

_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane
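The client rule Paul describes (a validated TLSA RRset for `_port._proto.host` means TLS on that port is mandatory, with no cleartext or other-port fallback) can be written down as a small policy function. The following is an added example, not code from the thread or from any IETF document: it uses an in-memory resolver table with constructed hostnames and a constructed SubjectPublicKeyInfo, and it only handles the DANE-EE (usage 3) / SPKI (selector 1) case, which is the one that needs no certificate chain.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Tuple


class DnssecStatus(Enum):
    SECURE = "secure"      # answer validated by the resolver (AD bit set)
    INSECURE = "insecure"  # zone is unsigned; any TLSA data is untrustworthy
    BOGUS = "bogus"        # validation failed; treat as an attack, not as "no data"


@dataclass(frozen=True)
class TlsaRecord:
    usage: int          # 3 = DANE-EE, 2 = DANE-TA, 1 = PKIX-EE, 0 = PKIX-TA
    selector: int       # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int  # 0 = exact, 1 = SHA-256, 2 = SHA-512
    data: bytes


@dataclass(frozen=True)
class TlsaAnswer:
    status: DnssecStatus
    records: Tuple[TlsaRecord, ...]


def tlsa_owner_name(host: str, port: int, proto: str = "tcp") -> str:
    """Owner name of the TLSA RRset for a host/port, per RFC 6698 section 3."""
    return f"_{port}._{proto}.{host.rstrip('.')}."


# Constructed example data: not a real key, not real zones.
SERVER_SPKI = b"constructed SubjectPublicKeyInfo bytes for example.test"
RESOLVER: Dict[str, TlsaAnswer] = {
    tlsa_owner_name("example.test", 443): TlsaAnswer(
        DnssecStatus.SECURE,
        (TlsaRecord(3, 1, 1, hashlib.sha256(SERVER_SPKI).digest()),),
    ),
    tlsa_owner_name("unsigned.test", 443): TlsaAnswer(DnssecStatus.INSECURE, ()),
    tlsa_owner_name("nodata.test", 443): TlsaAnswer(DnssecStatus.SECURE, ()),
    tlsa_owner_name("tampered.test", 443): TlsaAnswer(DnssecStatus.BOGUS, ()),
}


def lookup_tlsa(host: str, port: int, resolver=RESOLVER) -> TlsaAnswer:
    # Assumption for this example: a name absent from the table is a validated NODATA answer.
    return resolver.get(tlsa_owner_name(host, port), TlsaAnswer(DnssecStatus.SECURE, ()))


def connection_policy(host: str, port: int, resolver=RESOLVER) -> str:
    """Decide how the client may connect to host:port.

    "refuse":         DNSSEC validation failed; do not connect at all.
    "dane-required":  a validated TLSA RRset exists; TLS on this port is mandatory,
                      the peer key must match a record, and there is no cleartext
                      or other-port fallback.
    "opportunistic":  no validated TLSA; DANE says nothing, the client's ordinary
                      (non-DANE) policy applies.
    """
    answer = lookup_tlsa(host, port, resolver)
    if answer.status is DnssecStatus.BOGUS:
        return "refuse"
    if answer.status is DnssecStatus.SECURE and answer.records:
        return "dane-required"
    return "opportunistic"


def matches_spki(record: TlsaRecord, spki_der: bytes) -> bool:
    """Check one DANE-EE(3)/SPKI(1) record against the peer's SubjectPublicKeyInfo."""
    if record.usage != 3 or record.selector != 1:
        return False  # other usage/selector combinations need chain handling, out of scope here
    if record.matching_type == 0:
        expected = spki_der
    elif record.matching_type == 1:
        expected = hashlib.sha256(spki_der).digest()
    elif record.matching_type == 2:
        expected = hashlib.sha512(spki_der).digest()
    else:
        return False  # unknown matching type: record is unusable
    return hmac.compare_digest(record.data, expected)


def dane_verdict(host: str, port: int, peer_spki: bytes, resolver=RESOLVER) -> str:
    """Combine the policy with the key check: "ok", "mismatch", "refuse" or "no-dane"."""
    policy = connection_policy(host, port, resolver)
    if policy == "refuse":
        return "refuse"
    if policy == "opportunistic":
        return "no-dane"
    records = lookup_tlsa(host, port, resolver).records
    return "ok" if any(matches_spki(r, peer_spki) for r in records) else "mismatch"


if __name__ == "__main__":
    for h in ("example.test", "unsigned.test", "nodata.test", "tampered.test"):
        print(h, connection_policy(h, 443), dane_verdict(h, 443, SERVER_SPKI))
```

The important branch is the one that never appears: there is no path from `"dane-required"` back to a cleartext connection, and a `BOGUS` answer is distinct from an empty one, so a stripped or forged DNS response cannot be read as "no TLSA, go ahead in the clear".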
