Dave Cridland <[email protected]> wrote: > > What I'm wondering is whether an initiator could use the presence of a TLSA > record to decide not to consider falling back to XEP-0220. In other words, > whether a domain could use them to assert that it has a valid certificate.
The DANE drafts that I produced (for mail protocols) specified that clients should expect the server to have a valid certificate and should not fall back to unauthenticated or unencrypted connections. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.
