John Hall <[email protected]> writes:
> I had not heard of DANE (DNS based authentication of named entities). I
> found found rfc-6698 in a search .. not sure if anyone mentioned it yet.
> https://datatracker.ietf.org/doc/rfc6698/
I didn't mention DANE, but it is indeed one of the "additional things" I
was going to mention. Along with TLSA. Leveraging DNSSEC one can
provide authoritative bindings to other infrastructure and let clients
know that they should be using TLS and which certs or CAs they should be
using for it.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[email protected] PGP key available
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss