>>>>> "JG" == John Gilmore <[email protected]> writes:
JG> In amending the TLSA RFC for raw public keys, we could remove those
JG> deliberate restrictions, and then write new deliberate restrictions.
JG> Paul Hoffman's comment above seems to be advocating for that position.
JG> Instead, I am advocating for not adding restrictions that have no
JG> technical or interoperability rationale.

On that topic, not only do I agree that language which tries to restrict
TLSA records to TLS is undesirable, I cannot discern *any* value in such
restrictions.

The software for any protocol which uses X.509 certs or which can handle
SPKI-formatted transmission of public keys should feel free to use TLSA
records to authenticate said certs or SPKIs. Even if it is a protocol
which does not listen(2) on a fixed port and therefore would need to
search for TLSA records differently than 6698 describes.

If an alternate use of a given DNS RR would lead to some sort of conflict
which would break other uses, there would be valid cause to advocate
against such breakage. But I do not see how using TLSA records for
non-TLS protocols would do that.

-JimC
--
James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
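The point James makes above, that TLSA matching has nothing TLS-specific in it, is easy to see in code. The following is an added example, not code from the thread or from any IETF implementation: it builds the RFC 6698 owner name for a fixed-port service, derives the certificate association data from either a full certificate (selector 0) or its SubjectPublicKeyInfo (selector 1) with matching types 0/1/2, and checks a presented cert or SPKI against a record. The `CERT`/`SPKI` byte strings are constructed placeholders rather than real DER, and `owner_name_without_port` is a hypothetical naming convention for a protocol that has no fixed port, standing in for whatever a future document would specify.

```python
"""Added example: RFC 6698 TLSA association data and matching, with
nothing TLS-specific in the matching step.  CERT and SPKI below are
constructed placeholder bytes, not real DER-encoded objects."""
import hashlib
import hmac
from dataclasses import dataclass

# Selectors (RFC 6698 section 2.1.2) and matching types (section 2.1.3)
SEL_CERT, SEL_SPKI = 0, 1
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2


@dataclass(frozen=True)
class TLSA:
    usage: int      # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact match, 1 = SHA-256, 2 = SHA-512
    data: bytes     # certificate association data


def rfc6698_owner_name(host: str, port: int, proto: str = "tcp") -> str:
    """Owner name RFC 6698 prescribes for a service on a fixed port."""
    return f"_{port}._{proto}.{host.rstrip('.')}."


def owner_name_without_port(host: str, service_label: str) -> str:
    """Hypothetical convention (assumption, not from any RFC) for a
    protocol that does not listen on a fixed port: one service label."""
    return f"_{service_label}.{host.rstrip('.')}."


def _select(selector: int, cert_der: bytes, spki_der: bytes) -> bytes:
    if selector == SEL_CERT:
        return cert_der
    if selector == SEL_SPKI:
        return spki_der
    raise ValueError(f"unknown selector {selector}")


def _associate(mtype: int, selected: bytes) -> bytes:
    if mtype == MATCH_FULL:
        return selected
    if mtype == MATCH_SHA256:
        return hashlib.sha256(selected).digest()
    if mtype == MATCH_SHA512:
        return hashlib.sha512(selected).digest()
    raise ValueError(f"unknown matching type {mtype}")


def make_tlsa(usage: int, selector: int, mtype: int,
              cert_der: bytes, spki_der: bytes) -> TLSA:
    """Build the record a zone operator would publish for this cert/SPKI."""
    return TLSA(usage, selector, mtype,
                _associate(mtype, _select(selector, cert_der, spki_der)))


def tlsa_matches(record: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """Check a presented cert/SPKI against one record.  Records with an
    unknown selector or matching type are treated as unusable (False)."""
    try:
        expected = _associate(record.mtype,
                              _select(record.selector, cert_der, spki_der))
    except ValueError:
        return False
    return hmac.compare_digest(expected, record.data)


def present(record: TLSA) -> str:
    """RFC 6698 presentation format: usage selector mtype hex-data."""
    return f"{record.usage} {record.selector} {record.mtype} {record.data.hex()}"


def parse_presentation(text: str) -> TLSA:
    usage, selector, mtype, hexdata = text.split(None, 3)
    return TLSA(int(usage), int(selector), int(mtype),
                bytes.fromhex(hexdata.replace(" ", "")))


# Constructed sample inputs: stand-ins for a DER certificate and its SPKI.
CERT = b"constructed-placeholder-certificate-bytes"
SPKI = b"constructed-placeholder-spki-bytes"

if __name__ == "__main__":
    rec = make_tlsa(3, SEL_SPKI, MATCH_SHA256, CERT, SPKI)   # DANE-EE, SPKI, SHA-256
    print(rfc6698_owner_name("www.example.com", 443), "TLSA", present(rec))
    print(owner_name_without_port("example.com", "myproto"), "TLSA", present(rec))
    print("presented SPKI matches:", tlsa_matches(rec, CERT, SPKI))
```

The only places TLS enters are the owner-name convention and the fact that the presented object is a certificate or SPKI; the matching itself is a byte comparison or hash comparison over DER, which any protocol carrying X.509 or SPKI material can perform.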
