> On Apr 4, 2018, at 10:34 PM, Nico Williams <n...@cryptonector.com> wrote:
> I can see why: you have to commit to one certificate in the chain not
> changing.  Whereas here you only have to commit to continue to publish
> TLSA RRs (and signing them and your zone).  This is a big difference.

Even more strongly: NOT ONLY do you not actually commit to publishing
TLSA records going forward, since with (A) (denial of existence) you
can just prove they don't exist, you can even stop using DNSSEC for
your domain entirely, and yet still support the extension and just
furnish proof (again, denial of existence) that your domain is no
longer signed (i.e., no DS records in the parent or ancestor thereof,
as signed by that parent or ancestor).

THEREFORE, the pin is *precisely* just a capability pin (like STS),
saying "I can present the extension"; there is NO obligation to
provide any specific content in that extension.

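The client-side policy the reply describes, as an added example that is not from this thread, from the draft, or from any implementation: a simplified Python model of a client enforcing a capability pin. DNSSEC validation is abstracted away as an already-validated `Proof` outcome carried by the extension; TLSA matching covers only usage 3 (DANE-EE), selector 0 (full certificate), matching type 1 (SHA-256); the `pin_ttl` field, the `PinStore`, the `example.com` name and the certificate bytes are assumptions of the model and are constructed here. What it shows is that every extension content (TLSA records, denial of TLSA, denial of DS for an unsigned zone) satisfies the pin, and only the absence of the extension violates it.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import Dict, List, Optional, Tuple


class Proof(Enum):
    """Outcome of validating the DNSSEC chain carried in the extension
    (validation itself is assumed to have happened already)."""
    TLSA_PRESENT = auto()   # validated chain ends in a TLSA RRset
    NO_TLSA = auto()        # authenticated denial: the TLSA RRset does not exist
    ZONE_UNSIGNED = auto()  # authenticated denial of DS at the parent: zone is not signed


# (usage, selector, matching_type, data) -- the on-the-wire TLSA fields
TlsaRecord = Tuple[int, int, int, bytes]


@dataclass
class Extension:
    proof: Proof
    tlsa: Tuple[TlsaRecord, ...] = ()
    pin_ttl: int = 0  # assumed field: seconds the server promises to keep supporting the extension


@dataclass
class PinStore:
    """Capability pins: name -> absolute expiry time. Nothing about TLSA content is stored."""
    expiry: Dict[str, int] = field(default_factory=dict)

    def pinned(self, name: str, now: int) -> bool:
        return self.expiry.get(name, 0) > now

    def observe(self, name: str, ttl: int, now: int) -> None:
        # Model choice: a positive TTL (re)sets the pin; TTL 0 leaves any existing pin alone.
        if ttl > 0:
            self.expiry[name] = now + ttl


def tlsa_matches(records: Tuple[TlsaRecord, ...], leaf_der: bytes) -> bool:
    """DANE-EE(3) / full cert (0) / SHA-256 (1) only; other usages are out of scope here."""
    digest = hashlib.sha256(leaf_der).digest()
    return any(u == 3 and s == 0 and m == 1 and data == digest for u, s, m, data in records)


def evaluate(name: str, ext: Optional[Extension], leaf_der: bytes,
             pkix_ok: bool, store: PinStore, now: int) -> str:
    """Decide how the connection is authenticated under a capability pin."""
    if ext is None:
        # The only thing the pin obligates: the extension must be present.
        if store.pinned(name, now):
            return "FAIL:pin"
        return "PKIX" if pkix_ok else "FAIL:pkix"
    store.observe(name, ext.pin_ttl, now)
    if ext.proof is Proof.TLSA_PRESENT:
        return "DANE" if tlsa_matches(ext.tlsa, leaf_der) else "FAIL:tlsa"
    # NO_TLSA or ZONE_UNSIGNED: the extension was presented (pin satisfied),
    # DANE simply does not apply, so ordinary PKIX decides.
    return "PKIX" if pkix_ok else "FAIL:pkix"


# Constructed stand-in for a DER certificate; not a real certificate.
LEAF_DER = b"constructed-not-a-real-certificate"


def run_scenarios() -> List[str]:
    """Walk one client through the situations discussed in the thread."""
    store = PinStore()
    name = "example.com"  # hypothetical server name
    with_tlsa = Extension(Proof.TLSA_PRESENT,
                          ((3, 0, 1, hashlib.sha256(LEAF_DER).digest()),), pin_ttl=3600)
    return [
        # 1. first visit: TLSA present, PKIX not even needed; pin is set
        evaluate(name, with_tlsa, LEAF_DER, pkix_ok=False, store=store, now=0),
        # 2. extension withheld while pinned: hard failure, even with a valid PKIX chain
        evaluate(name, None, LEAF_DER, pkix_ok=True, store=store, now=10),
        # 3. operator stopped publishing TLSA but still proves that: pin satisfied, PKIX decides
        evaluate(name, Extension(Proof.NO_TLSA, pin_ttl=3600), LEAF_DER, True, store, 20),
        # 4. operator stopped signing the zone, proves absence of DS: pin still satisfied
        evaluate(name, Extension(Proof.ZONE_UNSIGNED, pin_ttl=3600), LEAF_DER, True, store, 30),
        # 5. after the last pin expired, dropping the extension is allowed again
        evaluate(name, None, LEAF_DER, pkix_ok=True, store=store, now=30 + 3601),
    ]


if __name__ == "__main__":
    for i, result in enumerate(run_scenarios(), 1):
        print(f"scenario {i}: {result}")
```

Scenarios 3 and 4 are the point of the reply: the server changed or removed the DNS content entirely, yet the pinned client accepts the connection because the capability (presenting the extension with a valid proof) is what was pinned, not any TLSA content.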

TLS mailing list