Tiny nits:
Section 5.1 - Paragraph 4:
(i.e., the[y] may ignore
the client's SNI message)
Section 8.2 - Paragraph 1:
A more complex [?] involves switching to a trust-anchor or PKIX usage
from a chain that is either self-signed, or issued by a private CA
and thus not compatible with PKIX.
Section 8.4:
o Extend the TLSA RRset with a new combination of parameters (usage,
selector and matching type) that [is] used to generate matching
associations for all certificate chains that are published with
some other parameter combination.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
