A new draft on DANE/TLSA Client Certificates is available:
https://tools.ietf.org/html/draft-huque-dane-client-cert-00
The authors are hoping to have some discussion on list, and in person at
IETF93 on this topic.
There are 2 owner name formats proposed in the draft, but we might be
advocating another simpler one (_service.[client-domain-name]) in the next
revision (along with a few more tweaks).
I'm working on a separate draft describing a TLS extension to signal DANE
client identity (see Section 5 for the rationale for this). That draft
won't be ready by the IETF93 draft cutoff, so you should see it shortly
after Prague.
Thanks,
Shumon.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
