> -----Original Message----- > We should not debate the merits and demerits of various PKI models > here. The OP's question was about browser behaviour, and my comment > on the existing public CA PKI was mostly irrelevant personal opinion, > intended to justify the expectation that browsers will not only > support certificate usage 0/1 to the exclusion of 2/3.
Viktor, Is there another list that's right for discussing the merits and demerits of the different DANE options? I work for a CA, so of course I believe that the current PKI is *not* irreparably broken, nor do I agree that modes 2 and 3 are "substantially more robust". Because I believe your voice is respected in this forum, I wanted to speak up to make it clear that this opinion is not shared by all. -Rick Andrews _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
