I wanted to bring up the idea of integrating TLSA records into FreeIPA so that a host that is issued a certificate for say the web server (via dogtag) would also publish that information in DNS using a TLSA record. This is very much like how SSHFP records are handled now in FreeIPA.
Has this been considered at all? I am more than happy to write up some more info about this, I just wanted to get a preliminary idea of whether this had been considered at all... -Erinn
Description: OpenPGP digital signature