Paul Ferguson wrote: > ... > > That is *not* to say that DANE is not a desirable thing to > deploy/accomplish.
DANE relies on DNSSEC which relies on EDNS. the placement of a DNS-over-HTTPS channel would have to be below EDNS in the stack, and non-reliant. therefore my correction up-thread -- this HTTPS session would rely on PSK for keying information, not X.509. vixie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop