> This forces clients that use both TCP and UDP to publish their TLSA
> records twice (or better publish one as a CNAME for the other, or
> make both CNAMEs to a third thing). Is this really worth it?
How much of a problem has it been for TLSA server records? I honestly don't know, but I'd be surprised if the answer were other than "not much". Creating the certificate and turning that into the right hex for the TLSA master record seems vastly harder than adding a CNAME which, if you are right that nobody ever does anything different on TCP and UDP, could be added mechanically.

R's,
John

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
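The "turning the certificate into the right hex" step that the message above refers to, shown as an added example that is not part of the thread: a standard-library-only Python script that pulls the SubjectPublicKeyInfo out of a DER certificate, builds the TLSA RDATA for usage 3, selector 1, matching type 1 (DANE-EE, SPKI, SHA-256), and emits the `_port._tcp` TLSA record together with the `_port._udp` CNAME pointing at it. The certificate it hashes is a constructed, structurally valid dummy (tiny RSA modulus, empty names, zero signature), and the owner name `dns.example.com.` and port 853 are assumptions, not anything from the list discussion.

```python
"""TLSA RDATA from a DER certificate, plus the TCP/UDP record pair.

Added example, not code from the dane mailing-list thread. Standard library
only; the sample certificate is constructed test data, not a real cert.
"""
import hashlib


# --- minimal DER encode/decode helpers (only what this script needs) -------

def der_len(n: int) -> bytes:
    """Encode a DER length in short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag: int, content: bytes) -> bytes:
    """Wrap content in a DER TLV with the given tag byte."""
    return bytes([tag]) + der_len(len(content)) + content


def der_read(buf: bytes, pos: int):
    """Return (tag, value, end_offset) for the TLV that starts at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def der_children(seq_value: bytes):
    """Yield (tag, raw_tlv) for each element inside a SEQUENCE's value."""
    pos = 0
    while pos < len(seq_value):
        tag, _, end = der_read(seq_value, pos)
        yield tag, seq_value[pos:end]
        pos = end


# --- the TLSA-relevant part -------------------------------------------------

def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw DER SubjectPublicKeyInfo of an X.509 certificate.

    Certificate    ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    tag, cert_value, _ = der_read(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    tag, tbs_value, _ = der_read(cert_value, 0)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    fields = list(der_children(tbs_value))
    if fields[0][0] == 0xA0:        # explicit [0] version is optional (v1 certs omit it)
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]


def tlsa_rdata(cert_der: bytes, usage: int = 3, selector: int = 1, mtype: int = 1) -> str:
    """Build the presentation-format RDATA: 'usage selector mtype <hex>'."""
    data = extract_spki(cert_der) if selector == 1 else cert_der   # selector 0 = full cert
    if mtype == 0:
        assoc = data.hex()                       # full data, no hash
    elif mtype == 1:
        assoc = hashlib.sha256(data).hexdigest()
    elif mtype == 2:
        assoc = hashlib.sha512(data).hexdigest()
    else:
        raise ValueError("unknown matching type")
    return f"{usage} {selector} {mtype} {assoc}"


def zone_records(host: str, port: int, rdata: str) -> list:
    """One TLSA record for TCP and a CNAME that makes UDP share it."""
    tcp = f"_{port}._tcp.{host}"
    udp = f"_{port}._udp.{host}"
    return [f"{tcp} IN TLSA {rdata}", f"{udp} IN CNAME {tcp}"]


# --- constructed sample certificate (test data, not a real certificate) ------

def sample_spki() -> bytes:
    """rsaEncryption SPKI with a meaningless 3-byte modulus, e=65537."""
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
    key = der(0x30, der(0x02, b"\x00\xc3\x5f\x91") + der(0x02, b"\x01\x00\x01"))
    return der(0x30, alg + der(0x03, b"\x00" + key))


def sample_certificate() -> bytes:
    """Structurally valid v3 certificate shell around sample_spki()."""
    sig_alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
    empty_name = der(0x30, b"")
    validity = der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + sig_alg + empty_name + validity + empty_name + sample_spki())
    return der(0x30, tbs + sig_alg + der(0x03, b"\x00" * 9))


if __name__ == "__main__":
    rd = tlsa_rdata(sample_certificate())
    for line in zone_records("dns.example.com.", 853, rd):   # assumed name and port
        print(line)
```

Running it prints the TLSA line for `_853._tcp.dns.example.com.` and the CNAME for `_853._udp.dns.example.com.`; pointing `extract_spki` at a real DER certificate (e.g. the output of `openssl x509 -outform DER`) gives the SPKI hash that a DANE-EE client would match.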
