Viktor Dukhovni wrote: > > The underlying meaning of "DANE-EE(3) SPKI(1) ?" is unchanged, it > matches a leaf SPKI object in either form. There is no confusion.
It will not be possible to use DANE only for bare keys and traditional PKIX _without_ DANE for certificate-based authentication, because DANE/TLSA-aware clients, that do not support bare keys in TLS, would encounter a DANE validation failure with the PKIX cert they get from the server. -Martin _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
