[Standards] Unsigned DANE records for TLS assertions

Tony Finch dot at dotat.at
Tue Nov 26 12:04:09 UTC 2013


Dave Cridland <dave at cridland.net> wrote:
>
> What I'm wondering is whether an initiator could use the presence of a TLSA
> record to decide not to consider falling back to XEP-0220. In other words,
> whether a domain could use them to assert that it has a valid certificate.

The DANE drafts that I produced (for mail protocols) specified that
clients should expect the server to have a valid certificate and should
not fall back to unauthenticated or unencrypted connections.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
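
The no-fallback rule described in the message above, sketched as an added example (not part of the original message or of any DANE draft). The names Action, TLSA, tlsa_matches and decide are hypothetical, the byte strings are constructed, and the DNSSEC status of the lookup and PKIX path validation for usages 0 and 1 are deliberately not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    PROCEED = "TLS with a certificate matched against TLSA"
    FALLBACK_ALLOWED = "no TLSA published; legacy policy (e.g. XEP-0220) applies"
    ABORT = "TLSA published but TLS missing or certificate mismatch"


@dataclass(frozen=True)
class TLSA:
    usage: int      # RFC 6698 certificate usage (0-3); not interpreted here
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes     # certificate association data


def tlsa_matches(rr, cert_der, spki_der):
    """Compare one TLSA record against the presented certificate."""
    selected = {0: cert_der, 1: spki_der}.get(rr.selector)
    if selected is None:
        return False            # unknown selector never matches
    if rr.mtype == 0:
        candidate = selected
    elif rr.mtype == 1:
        candidate = hashlib.sha256(selected).digest()
    elif rr.mtype == 2:
        candidate = hashlib.sha512(selected).digest()
    else:
        return False            # unknown matching type never matches
    return hmac.compare_digest(candidate, rr.data)


def decide(tlsa_rrset, tls_offered, cert_der=None, spki_der=None):
    """Presence of TLSA records removes every fallback path."""
    if not tlsa_rrset:
        return Action.FALLBACK_ALLOWED
    if not tls_offered or cert_der is None or spki_der is None:
        return Action.ABORT     # STARTTLS missing or stripped: do not downgrade
    if any(tlsa_matches(rr, cert_der, spki_der) for rr in tlsa_rrset):
        return Action.PROCEED
    return Action.ABORT         # mismatch: fail closed, no dialback


# Constructed stand-ins for a DER certificate and its SubjectPublicKeyInfo.
SAMPLE_CERT = b"constructed-certificate-der"
SAMPLE_SPKI = b"constructed-spki-der"
SAMPLE_RRSET = [TLSA(3, 1, 1, hashlib.sha256(SAMPLE_SPKI).digest())]
```
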


