Reading up on HASTLS, it appears at first glance that the ins-port / sec-port etc. combinations cover my use-case of advertising and preferring a secure connection.
Is there any activity with HASTLS that I could contribute to?

On Sun, Apr 26, 2015 at 9:59 PM, Paul Wouters <[email protected]> wrote:
> On Sun, 26 Apr 2015, Chris Monteiro wrote:
>
>> Great, it looks like the proposed standard for hardening SMTP/TLS
>> could be repurposed for either http(s) or arbitrary ports as per my
>> proposal no?
>
>
> There is nothing left to harden. The presence of TLSA means, never go
> to the insecure port.
>
> I tried to get this meaning into the original TLSA spec, and there was
> resistance to it. It was sidetracked into the HASTLS record, which never
> saw the light. I'm not sure if the DANE OPS (SRV) draft clarifies this,
> but any sane client implementation of TLSA should really assume this.
>
> Paul

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
