On Mon, Aug 25, 2014 at 05:27:36PM -0600, Peter Saint-Andre wrote:
> How about this?
>
> (because the TLSA records can
> be ignored if the address records are not secure, performing the TLSA
> queries in parallel is not harmful from a security perspective).
The reason to skip (or at least ignore lookup errors with) TLSA
lookups when A/AAAA are "insecure" are operational, not security.
So perhaps:
s/security perspective/operational perspective/
Otherwise, if it says what you want it to say, fine. I am not sure
we the draft needs to teach implementors how to optimize the
implementation, but if you feel it is important (to encourage
adoption) go for it.
You could probably therefore phrase it a bit better than the
suggested substitution.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
