MelindaShore
commented
9 years ago Melinda: We might want to think about having some text describing dnssec use (authenticating the domain name) and separate text describing dane use .
Open MelindaShore opened 9 years ago
MelindaShore
commented
9 years ago Melinda: We might want to think about having some text describing dnssec use (authenticating the domain name) and separate text describing dane use .
From Shumon: We might want to be clearer about whether the serialization chain ends in the TLS server's domain name or in a TLSA record corresponding to the server's TLS certificate. For DANE authentication, the latter would be needed, but it may make sense to have the former (also), so that the client can authenticate the server's DNSSEC name to IP address mapping.