[Standards] Unsigned DANE records for TLS assertions
dot at dotat.at
Tue Nov 26 12:04:09 UTC 2013
Dave Cridland <dave at cridland.net> wrote:
> What I'm wondering is whether an initiator could use the presence of a TLSA
> record to decide not to consider falling back to XEP-0220. In other words,
> whether a domain could use them to assert that it has a valid certificate.
The DANE drafts that I produced (for mail protocols) specified that
clients should expect the server to have a valid certificate and should
not fall back to unauthenticated or unencrypted connections.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.