Thanks Eric!
I will use them in draft-ietf-drip-registries for our X.509 certs and
our 'custom' attestation certs (private OID will be needed). And then
the powers-that-be can sort it out as we move forward.
But at least this way I can put forth the discussion point and the
implementors can proceed with their PoC.
And most likely take it to a DNS list. And hall talk at 114!
Bob
On 6/26/22 16:14, Eric Rescorla wrote:
I'm not aware of any major application which uses CERT records.
-Ekr
On Sun, Jun 26, 2022 at 6:41 AM Robert Moskowitz
<rgm-...@htt-consult.com> wrote:
Ah, RFC 6944...
Yes, not a TLS issue; did not think it was, directly. But I see.
DIG, dig, dig..
On 6/26/22 09:32, Robert Moskowitz wrote:
Kind of thought so.
So where do I ask where CERT records are being used?
thanks
On 6/26/22 09:22, Eric Rescorla wrote:
Well, this really isn't a question for the TLS WG as DANE is
external to TLS.
With that said, ISTM that the primary purpose of DANE is to
indicate which certificates are acceptable rather than to convey
them, as TLS already knows how to convey them.
-Ekr
On Sun, Jun 26, 2022 at 5:05 AM Robert Moskowitz
<rgm-...@htt-consult.com> wrote:
Recently I have been in a discussion about DNS RR that hold
X.509
certificates.
I am asking this here, as I *Think* there may be some
knowledge here
without me joining other lists...
I was aware of DANE's rfc6698 that holds both X.509 certs or
SubjectPublicKeyInfo.
But I was pointed at rfc4398 Which does NOT handle
SubjectPublicKeyInfo, but handles X.509 and other formats.
Interesting that they both end in '98' and this is way after
Jon was
around seeing to how RFC numbers were assigned :)
What was the deciding point not to use 4398 for DANE? (and
now DANCE)
What is 4398 currently used for? Why was it not just
updated to add
SubjectPublicKeyInfo rather than add a new RR?
And then there is rfc7250 which references 6698...
Thank you.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls