Shumon and Viktor,

I have an Internet of Things (IoT) use-case, in which I am evaluating using TLSA RR for both server and client authentication.
For the client authentication mechanism during TLS handshake, the DANE client authentication draft seems to be in the right direction. Is the draft not updated (since 2017) because the draft is not viable operationally or is it just due to lack of interest? I did not get this information from the mailing list archive.

Sandoche.

On 14/01/2016 03:49, John Levine wrote:
>> This forces clients that use both TCP and UDP to publish their TLSA
>> records twice (or better publish one as a CNAME for the other, or
>> make both CNAMEs to a third thing). Is this really worth it?
> How much of a problem has it been for TLSA server records? I honestly don't
> know but I'd be surprised if the answer were other than "not much".
>
> Creating the certificate and turning that into the right hex for the
> TLSA master record seems vastly harder than adding a CNAME which, if
> you are right that nobody ever does anything different on TCP and UDP,
> could be added mechanically.
>
> R's,
> John
>
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane
