Marius,
Just some ideas for the future. In order to move ahead with DNSsec and DANE - certificate handling - we need an entry in the NAPTR, SRV and A records on whether they were verified with DNSsec. This probably needs to be added to the resolver cache.
If they are all verified, we have a verified path and can check TLSA records for certificates or validation or CAs. If not, we have to resort to traditional TLS.
Parse this as some random notes after reading up on the DANE drafts on SRV records. :-) http://tools.ietf.org/html/draft-ietf-dane-srv-02
/O
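
The idea in the message above, sketched as an added example (not code from the message or from any project): each cached record carries a DNSSEC-verified flag, and the TLS decision walks NAPTR -> SRV -> A. The class and function names, the sample records and the `_port._tcp.host` TLSA owner name for the SRV target are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class TlsMode(Enum):
    DANE = "check TLSA records"
    TRADITIONAL = "traditional TLS"


@dataclass(frozen=True)
class CacheEntry:
    name: str              # owner name of the record
    rrtype: str            # "NAPTR", "SRV" or "A"
    target: str            # NAPTR replacement, SRV target or A address
    dnssec_verified: bool  # the per-record flag the message proposes
    port: int = 0          # SRV only


def _key(name, rrtype):
    return (name.lower().rstrip("."), rrtype)


class ResolverCache:
    def __init__(self, entries=()):
        self._entries = {_key(e.name, e.rrtype): e for e in entries}

    def get(self, name, rrtype):
        return self._entries.get(_key(name, rrtype))


def plan_tls(cache, domain):
    """Walk NAPTR -> SRV -> A and return (mode, TLSA owner name or None)."""
    chain, name = [], domain
    for rrtype in ("NAPTR", "SRV", "A"):
        entry = cache.get(name, rrtype)
        if entry is None:
            raise LookupError(f"no cached {rrtype} record for {name}")
        chain.append(entry)
        name = entry.target
    srv = chain[1]
    # One unverified link breaks the path, so TLSA data must not be trusted.
    if all(e.dnssec_verified for e in chain):
        return TlsMode.DANE, f"_{srv.port}._tcp.{srv.target.rstrip('.')}"
    return TlsMode.TRADITIONAL, None


def sample_cache(srv_verified=True):
    # Constructed sample data (example.com, 192.0.2.10), not from the message.
    return ResolverCache([
        CacheEntry("example.com", "NAPTR", "_sips._tcp.example.com", True),
        CacheEntry("_sips._tcp.example.com", "SRV", "sip1.example.com.",
                   srv_verified, port=5061),
        CacheEntry("sip1.example.com", "A", "192.0.2.10", True),
    ])
```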