MelindaShore
commented
9 years ago Related, he also says:
"The draft often says "TLSA record" when it needs to say "TLSA RRset". It will be quite common for multiple TLSA RRs to be present in the RRset, as this is required to correctly effect key rotation. Therefore, in Section 6 (and elsewhere), text such as the below:
If the record is correctly authenticated, the client then performs DANE authentication according to the DANE TLS protocol [RFC6698].
is sub-optimal, it should refer to a TLSA RRset, which MUST contain at least one TLSA record that matches the server's certificate chain, but will often contain additional records that do not."
shuque
From Viktor:
" I'm not sure what purpose the last paragraph of section 3 is intended to serve:
Obviously, an authentication chain will be most compact and easiest to verify if each RRset has a single record, i.e., if there is a single DNSKEY RR and a single DS RR at each step. In addition, as suggested above, keeping zone cuts to a minimum also reduces the length of the authentication chain.
The TLS server has no choice but to return the complete RRset for each owner name class and RRtype, since RRSIGs cover RRsets, not individual RRs. So "compacting" is possible. The server returns the RRsets exactly as published by the relevant DNS(SEC) servers.
Speaking of RRsets, are the RRs in each RRset returned by the server required to be sorted in canonical order"