On Tue, 18 Mar 2014, Martin Rex wrote:
I strongly dislike this idea, and would really appreciate instead a requirement that any X.509 certificates that are generated for use with DANE-EE(3) *MUST* be generated with a sufficiently liberal validity period that interop is not going to break if a DANE client enforces the X.509 asserted validity period.
You can't because we now have EE certs that could only contain SBKI and no other x.509 legacy. Paul _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
