Hi Eric, hi everyone,

I haven’t seen any reaction to my last message yet. I had hoped to get some clarification.

You wrote:

> So, for [email protected] <mailto:[email protected]> through
> [email protected] <mailto:[email protected]> , you would hit *.example.edu
> <http://example.edu/> SMIMEA, which would return the root cert. Does that
> make sense?

However, it remained unclear to me if that is the intended use? (And if so, how should anybody know, as it is not mentioned in RFC 8162?)

And please let me ask a second question: It is recommended to use two separate certificates, one for encrypting and one for signing. If that recommendation is followed, how does RFC 8162 / RFC 6698 allow for this? Is it possible to have two records for the same user in the DNS (I’m not very familiar with the internals of DNS)? How could we identify which is which, unless the full certificate (not only the key) is stored in the DNS record? Even then, wouldn’t it be more practical to use different type values, so the client can specifically look for the record it needs?

Please forgive me for dumb questions.

Thanks!
Metin

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
