> We talked about using IP addresses in certificates being problematic, but so
> is listing hundreds of names for name servers that have vanity names for each
> of the names for which it is authoritative. For this draft, it truly doesn't
> matter what identifier is in the certificate, but the draft is still trying
> to work with whatever different draft that might eventually come out
> describing the fully-authenticated use case.

[JL] I guess I am thinking mainly of how to implement & manage the certs. The easier this is the better it will be for eventual deployment.

>> - Is it necessary to specify the transport cache? If it helps with
>> performance everyone will do it. And the section other than saying there
>> MUST be a cache does not specify anything else.

> In earlier discussions, there were questions about what would and would not
> be in the transport case, so describing the contours seemed more appropriate.
> If the WG wants to remove it, that's easy.

[JL] As it stands now it seems to just say you must have one but not much specificity beyond that. As a result I am just suggesting that a shorter document is a better document and this section could be removed without affecting the objective of the proposed standard or how software implements this.

Jason
