Hello.
I don't quite understand what is the purpose of Cert. Usage 0 and 1 TLSA
records ("CA constraint" and "Service Certificate Constraint"). If we trust
DNSSEC and TLSA, we need no CA at all, and if we don't trust DNSSEC/TLSA,
what's the purpose of having any information in the TLSA ? The only place
such CA/cert. constraint makes sense to me is the certificate itself, HSTS,
or some checkbox in a browser setup.
Alexander Gurvitz,
net-me.net
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
