PKIX-TA looks better than PKIX-CA; CA makes it look like it has to be an association to a root cert.
It would be nice to have a better short description for type 3 than Domain-issued certificate, notwithstanding the existance of that string in rfc 6698. DANE isn't about issuing certs, but rather about establishing trust paths to them. But I cannot come up with an alternative.... Nits: The paragraph: "It is expected that DANE parser's in applications and DNS software MAY adopt parsing the acronyms for each field, installed base MAY NOT get updated." could use better grammar. Perhaps: s/each field, installed base/each field, but the installed base/ And perhaps /MAY NOT/may not/. Unlike the first MAY, the may not isn't really a 2119. (The Nits link agrees.) In the xml, I'd do: s(<c>CA constraint</c>)(<c>CA constraint</c>) it should look better in the output. -JimC -- James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6 _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
