On Mon, 17 Mar 2014, Viktor Dukhovni wrote:
> This is not "use strongest". This is the opposite. It forces the
> use of tarnished, but still acceptable digests even when untarnished
> digests are present. The new proposal is to ignore all but the
> strongest, even when the remainder would be usable.
>
> Also the pseudo-code in the appendices loops over *all* "usable" TLSA
> RRs (those not banned by 4.1).
Okay, I understand your point now. The text in 6698 is indeed doing some
half weird local policy client dictation that it should not have done.
> My proposal modifies the pseudo-code
> to loop over only those records (for each usage/selector) with the
> strongest digest plus any records with matching type 0.
So I agree with you that is the right approach. I am not sure if I
agree that we should try and write that into an RFC other than
"according to local policy".
But the text should clearly not be like 6698; that would technically
violate the RFC if your method of local policy is implemented.
Paul
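The two selection rules being argued over, as an added example that is not part of the thread and not anyone's reference code: a 6698-style loop over every usable TLSA record next to the proposed rule that, per usage/selector, keeps only the strongest supported digest type plus any matching-type-0 records. The digest preference order, the record names and the sample data are this example's own assumptions; the sample bytes are constructed placeholders, not real DER.

```python
"""Added example (not from the thread): TLSA record selection under the
proposal discussed above, next to RFC 6698's loop over all usable records.
Names, preference order and sample data are this example's own assumptions."""
from dataclasses import dataclass
from hashlib import sha256, sha512


@dataclass(frozen=True)
class TLSA:
    usage: int      # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int   # 0 full certificate, 1 SubjectPublicKeyInfo
    mtype: int      # 0 exact match, 1 SHA2-256, 2 SHA2-512
    data: bytes


KNOWN_USAGES = {0, 1, 2, 3}
KNOWN_SELECTORS = {0, 1}
DIGESTS = {1: sha256, 2: sha512}
# Local policy (an assumption of this example): digest types, strongest
# first. Matching type 0 is not a digest and is always kept.
DIGEST_PREFERENCE = (2, 1)


def usable(rr):
    """RFC 6698 section 4.1: a record with an unknown usage, selector or
    matching type cannot be evaluated and is ignored."""
    return (rr.usage in KNOWN_USAGES and rr.selector in KNOWN_SELECTORS
            and (rr.mtype == 0 or rr.mtype in DIGESTS))


def select_all_usable(rrset):
    """RFC 6698 appendix style: every usable record is a candidate."""
    return [rr for rr in rrset if usable(rr)]


def select_strongest(rrset):
    """Proposal style: per (usage, selector), keep matching-type-0 records
    plus only the records using the strongest supported digest present."""
    groups = {}
    for rr in rrset:
        if usable(rr):
            groups.setdefault((rr.usage, rr.selector), []).append(rr)
    selected = []
    for rrs in groups.values():
        present = {rr.mtype for rr in rrs if rr.mtype != 0}
        strongest = next((m for m in DIGEST_PREFERENCE if m in present), None)
        selected.extend(rr for rr in rrs if rr.mtype in (0, strongest))
    return selected


def matches(rr, cert_der, spki_der):
    """Compare one record against the end-entity certificate data."""
    content = cert_der if rr.selector == 0 else spki_der
    if rr.mtype == 0:
        return rr.data == content
    return rr.data == DIGESTS[rr.mtype](content).digest()


def verify(rrset, cert_der, spki_der, selector_fn):
    """True if any record chosen by selector_fn matches the certificate."""
    return any(matches(rr, cert_der, spki_der) for rr in selector_fn(rrset))


# Constructed sample data: placeholder bytes standing in for DER encodings.
SAMPLE_CERT = b"constructed end-entity certificate"
SAMPLE_SPKI = b"constructed SubjectPublicKeyInfo"


def sample_rrset():
    """Constructed RRset: a correct SHA2-256 record, a stale SHA2-512 record
    for a previous key, and a record with an unknown matching type."""
    return [
        TLSA(3, 1, 1, sha256(SAMPLE_SPKI).digest()),
        TLSA(3, 1, 2, sha512(b"previous key").digest()),
        TLSA(3, 1, 99, b"\x00"),
    ]


if __name__ == "__main__":
    rrs = sample_rrset()
    print("6698 loop over all usable:", verify(rrs, SAMPLE_CERT, SAMPLE_SPKI, select_all_usable))
    print("strongest digest only:    ", verify(rrs, SAMPLE_CERT, SAMPLE_SPKI, select_strongest))
```

With the constructed RRset the 6698-style loop succeeds through the SHA2-256 record, while the strongest-only rule tries just the stale SHA2-512 record and fails; adding a matching-type-0 record for the same usage would be kept under either rule. Which outcome is the right one is exactly the local-policy question the thread is about.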
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane