Dear all, I've looked at this draft, and am confused about how validation is supposed to work. The draft specifies that a server should have an X509 certificate with a SAN matching the server name as defined in the draft. But what CA is trusted to issue this certificate? Will this end up being similar to the existing WebPKI, or is DANE validation or something else being suggested somewhere else? Sincerely, Watson Ladd
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
