On 13/01/2016 17:12, John R Levine wrote:

> Here's a concrete example.  My laptop is named mypc.example.com. Because
> I am a forward thinking guy, I send a DANE-verified client cert whenever
> I connect for submission, POP, IMAP, or jabber, and because I'm still
> lazy, I use the same certificate for all of them.  The DNS records to
> tell the world about that are:
> 
>  $ORIGIN mypc.example.com
>  _submission._client._tcp IN TLSA ... cert stuff ...
>  _imap._client._tcp       IN CNAME _submission._client._tcp
>  _imaps._client._tcp      IN CNAME _submission._client._tcp
>  _pop3._client._tcp       IN CNAME _submission._client._tcp
>  _pop3s._client._tcp      IN CNAME _submission._client._tcp
>  _xmpp-client._client._tcp IN CNAME _submission._client._tcp
> 
> How would you do it?

Personally, I wouldn't use those owner names, as that's inconsistent
with _tcp being associated with SRV usage, with the previous label being
one from the IANA port registry.

I quite like the idea of _client._<service>._<proto>, though.

Thinking more though, I actually prefer _<service>._<proto>._client.

The use of _client on the right-hand side would allow this to fit in
Dave Crocker's "underscore registry" as the "most significant label",
with everything to the left of that borrowed from SRV.

Ray


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
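The three owner-name layouts discussed in this message, compared in an added example that is not part of either author's mail. The layout keys and function names are hypothetical, and the service list is limited to the names in the quoted zone snippet.

```python
# Added illustration: layout keys and helper names are made up for this example.
SERVICES = {"submission", "imap", "imaps", "pop3", "pop3s", "xmpp-client"}
PROTOS = {"_tcp", "_udp"}

def owner_name(layout, service, proto, host):
    """Build the client TLSA owner name under one of the three layouts."""
    svc, pr = "_" + service, "_" + proto
    labels = {
        "quoted": [svc, "_client", pr],        # _submission._client._tcp
        "client-left": ["_client", svc, pr],   # _client._<service>._<proto>
        "client-right": [svc, pr, "_client"],  # _<service>._<proto>._client
    }[layout]
    return ".".join(labels + [host.rstrip(".")]) + "."

def most_significant_underscore_label(name):
    """Rightmost underscore label: the one an underscore registry keys on."""
    for label in reversed(name.rstrip(".").split(".")):
        if label.startswith("_"):
            return label
    return None

def srv_pair_intact(name):
    """True if a service label sits directly left of _tcp/_udp, as in SRV."""
    labels = name.rstrip(".").split(".")
    return any(
        a.startswith("_") and a[1:] in SERVICES and b in PROTOS
        for a, b in zip(labels, labels[1:])
    )

def compare(service="submission", proto="tcp", host="mypc.example.com"):
    """Return {layout: (owner name, registry label, SRV pair kept?)}."""
    result = {}
    for layout in ("quoted", "client-left", "client-right"):
        name = owner_name(layout, service, proto, host)
        result[layout] = (
            name,
            most_significant_underscore_label(name),
            srv_pair_intact(name),
        )
    return result

if __name__ == "__main__":
    for layout, row in compare().items():
        print(layout, *row)
```

Only the last layout both keeps the SRV-style `_<service>._<proto>` pair together and makes `_client` the most significant underscore label.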
