Hiya,
On 16/02/2021 15:41, Paul Hoffman wrote:
That seems fine. (Well, "self-issued" is the proper term, and we'd have to elaborate a bit on how to do that, but yes). This also works well with PaulW's proposed sentinel.
I think I maybe said it before (sorry if this is a repeat) but I'm against recommending self-issued certs. Even if we're only aiming for oppo, we shouldn't be making it hard to transition to auth if/when that becomes an option and encouraging certs with expiry in 2038 does exactly that, even if that's not what's intended. A "SHOULD" there is just a bad idea.

S.
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
