On 8 Nov 2018, at 08:44, Ryan Carboni <rya...@gmail.com> wrote:
>
> This might be a radical proposal, but maybe the certificate hash could be
> placed in a DNS TXT record.

This is a bad idea. Overloading TXT records with special semantics rarely, if ever, has a happy ending. For instance, application software would need to somehow work out which of the TXT records for some domain name was your hypothetical hash and which were SPF strings or whatever else has been dumped into TXT records. If you need to put this hash in the DNS, you might as well get a type code assigned for a specific RR to do that.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
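The disambiguation problem raised in the reply above, as an added example that is not part of the original thread: a client given only a TXT RRset has to guess by shape which string is the certificate hash, while a dedicated RR type is selected by type alone. The zone contents, the `CERTHASH` type name and the function names are all constructed or hypothetical.

```python
import hashlib
import hmac
import re

# Constructed sample data. "CERTHASH" is a hypothetical RR type name used
# for illustration only; it is not an assigned DNS type.
CERT_DER = b"constructed stand-in for a DER-encoded certificate"
CERT_HASH = hashlib.sha256(CERT_DER).hexdigest()
VENDOR_TOKEN = hashlib.sha256(b"constructed vendor verification token").hexdigest()

# (owner name, RR type) -> RDATA strings, as a resolver would hand them back.
ZONE = {
    ("example.com.", "TXT"): [
        "v=spf1 include:_spf.example.net -all",   # SPF policy
        VENDOR_TOKEN,                             # unrelated 64-hex token
        CERT_HASH,                                # the hash the proposal adds
        "site-verification=constructed-value",    # another TXT consumer
    ],
    ("example.com.", "CERTHASH"): [CERT_HASH],
}

HEX256 = re.compile(r"^[0-9a-f]{64}$")


def hashes_from_txt(zone, name):
    """TXT carries no semantics, so the client can only filter by shape."""
    return [s for s in zone.get((name, "TXT"), []) if HEX256.match(s)]


def hashes_from_dedicated_type(zone, name):
    """With its own RR type, every record in the RRset is a certificate hash."""
    return list(zone.get((name, "CERTHASH"), []))


def check_pin(cert_der, candidates):
    """Return 'match', 'mismatch', or 'ambiguous' (fail closed on a guess)."""
    if len(candidates) != 1:
        return "ambiguous"
    digest = hashlib.sha256(cert_der).hexdigest()
    return "match" if hmac.compare_digest(digest, candidates[0]) else "mismatch"


if __name__ == "__main__":
    name = "example.com."
    print("TXT:", check_pin(CERT_DER, hashes_from_txt(ZONE, name)))
    print("dedicated:", check_pin(CERT_DER, hashes_from_dedicated_type(ZONE, name)))
```

Treating "any candidate matches" as success instead of failing closed would turn every hash-shaped TXT string at that name into a trust anchor, which is the failure mode the reply is pointing at.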