From: DNSOP on behalf of Viktor Dukhovni
Quoting from the draft:
...
> If the initial TLSA base domain is the start of a secure CNAME chain,
> clients MUST first try to use the end of the chain as the TLSA base
> domain, with fallback to the initial base domain, as described
From: Wes Hardaker
Ben Schwartz writes:
A few comments:
1. the MUST NOT in the first paragraph in 5.2 really feels like it should
be a SHOULD NOT. Though its not wise, there could be scenarios where
someone really wants to do it and if they feel it's operationally
possible then they should
Ben Schwartz writes:
> I wanted to remind DNSOP to take another look at
> draft-ietf-dnsop-svcb-dane [1], which is intended as a straightforward
> clarification of how DANE interacts with SVCB/HTTPS records (and
> QUIC/HTTP/3). I don't think this document is controversial, and I'd
> like to
Ben Schwartz writes:
> I wanted to remind DNSOP to take another look at
> draft-ietf-dnsop-svcb-dane [1], which is intended as a straightforward
> clarification of how DANE interacts with SVCB/HTTPS records (and
> QUIC/HTTP/3). I don't think this document is controversial, and I'd
> like to