On Mon, Oct 20, 2014 at 09:01:56AM -0700, Paul Hoffman wrote:
> > Maybe it's also possible there was some misunderstanding from
> > the protracted email discussion? The revocation discussion (IIRC)
> > really had to do with an assertion that TLS did not have revocation
> > needs.
>
> Did anyone assert that? If so, please point it out. People asserted that
> revocation happens rarely for TLS certificates.
I've been known to say that with DANE TLSA, explicit revocation is
superseded by publishing an updated TLSA record. Don't know whether
that was ever in the context of the revocation discussion in question.
Of course that only applies to situations in which DANE is always
used. DANE is of no help when the verifier is using "traditional"
PKI.
--
Viktor.