> Sure a list of ciphersuites isn't bad. But the current
> design has a set of keys and a set of ciphersuites and a
> set of extensions and a set of Rdata values in the RRset.
Since this is defined for TLS 1.3 with all known-good ciphers, can't that field
be eliminated?
> I'd bet a beer on such complexity being a source of bugs
> every time.
All sorts of aphorisms come to mind. :)
> This has a totally different expiry behavior from RRSIGs, so I'm
> not sure that's that useful an analogy.
Disagree. They're both specifying a time window for DNS data.
Same problems will arise is my bet.
I am inclined to agree.
_______________________________________________
TLS mailing list
https://www.ietf.org/mailman/listinfo/tls