On Thu, Feb 06, 2014 at 03:36:57PM +0000, Larsen, Todd wrote:

> Agreeing with Eric's point to ensure the UC 4 discussion doesn't
> focus on certificate revocation.
> 
> Use case 4 for SMIMEA does not revoke a certificate. Rather, the
> domain revokes an S/MIME user. In contrast to any evidence the user
> has to claim association, the domain is positively stating that
> user X is not valid for SMIME applications. I consider that
> substantially different from the absence of a DANE record (or
> addition of a bogus record to force validation failure).

This is problematic because I expect that SMIMEA, like TLSA, generally
yields an RRset, not a single record.  What would be the semantics
of an RRset with two RRs, one with CU=4 and another with CU=2?

It still seems simplest to list no RRs for a user to indicate that
there are no keys for that user.

If CU=4 is supposed to disavow all keys for a user, what is the
meaning of the selector, matching type and associated data, ...

-- 
        Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane