I have read draft-gilmore-dane-rawkeys. I think that some of the goal text in section 4, that explains that this mechanism can be used for both certificate and raw key based TLS, should move much earlier in the document.
My impression is that this document does not require any new assigned numbers or protocol values, but rather simply explains how a raw key can be contained in a minimal DER encoded format such that it can be contained in the TLSA record. I found reading the document difficult as it contained too many "extende" statements; likely this is because I have not done a TLSA implementation so I am not sufficiently familiar with the underlying data structures. Mention of a way to validate a key by hash is mentioned, but I'm unclear how that works from my first reading.

I support adoption of this document; it needs a co-author.

--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
