On Wed, 4 Apr 2018, Eric Rescorla wrote:
1. Assertive: To avoid having to engage with the WebPKI (e.g., because it's
a pain). This rationale was stronger back before Let's Encrypt, but
I suppose some people may still feel that way.
2. Restrictive: To protect yourself from compromise of the WebPKI.
Yes, if your motivation is #2, then the flow you suggest is a real problem,
but it's not a problem for #1. While not an author of this document, I'd
understood it's primary motivation to be #1, and that's what Richard's
earlier notes have said as well.
The primary use case of the author's is not relevant. The document is a
working group document, and people who have contributed to this document
from the start also have valid use cases.
For example, I proposed to use the DNS wire format early on and the WG
made that change. My use case was never to create a "DANE or WebPKI is
enough" security model, as I do not think that model helps anyone.
TLS mailing list