On 7/19/15 11:49 AM, Viktor Dukhovni wrote: > My reading of the draft is that it is primary aimed at making DANE > practical for HTTPS, where last-mile considerations on the client > end are a significant part of the adoption barrier. > > For HTTP, MX and SRV records are out of scope. Clients that depend > on DNS to the extent of determining the server identity based on > MX or SRV records, already need DNSSEC to avoid MiTM issues, and > at least in the case of SMTP and XMPP are expected to handle DANE > without stapled TLSA RRsets (and associated RRSIG/DNSKEY/DS chains).
Yup, exactly. Thanks. Melinda -- Melinda Shore No Mountain Software [email protected] "Software longa, hardware brevis." _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
