On 1 October 2010 08:29, Phillip Hallam-Baker <hal...@gmail.com> wrote: > The reason that I started with the requirement to use SSL is that security > policy relating to trust criteria is meaningless until you have a statement > that use of SSL is required.
I can't agree with this. If a user types an https URL, say, then there's every reason security policy should apply despite the lack of a statement that SSL is required. > I have no objection to doing security policy. But I do have a real objection > to an approach that negates PKIX semantics as the TLSFP approach does. Then I'd like to see your proposal for _optionally_ allowing PKIX to be overridden. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop