Hello all, I just got through the dane-smime document and have one amendment to make to section 7, specifically "applications SHOULD use TCP - not UDP".
My impression is that that specific recommendation (and its rationale in the next paragraph) was mimicked from the OPENPGPKEY spec, where it makes sense because the whole armored key gets into the DNS. But since SMIMEA is very much like TLSA, I don't see the need for that TCP preference (nor does 7671 - check section 10.1.1).

One might argue that QNAMES for SMIMEA will be bigger than for TLSA, since they routinely include a 28-octet hash; however, I don't buy that as a powerful enough reason. I would just delete the text and, if at all, refer to 7671 for transport considerations.

Paul already reminded me that the wg last call for the document is over, but I think it still would be time to make some change, if the chairs haven't passed the doc to the IESG.

Best regards,
Marcos
