[dns-operations] TLSA records on MX

James Cloos cloos at jhcloos.com
Tue Jun 11 23:11:39 UTC 2013

>>>>> "DB" == Doug Barton <dougb at dougbarton.us> writes:

DB> IMO the "main" draft could use a little more clarity, including some
DB> more examples, and personally I would incorporate the MX text in the
DB> same draft. It's true that the MX and SRV cases are distinct, but
DB> they're not _that_ different.

Didn't Tony do that, in a later draft?

DB> I'm having trouble understanding what the utility of TLSA records
DB> would be in the absence of DNSSEC.

IIRC, Tony's draft intended the non-dnssec recomendations also to skip
tlsa records.

As for tlsa w/o dnssec, that were some discussions early on here re-
questing that dane support what we now call tlsa type 0 w/o dnssec, on
the grounds that it still could be useful.  My recollection is that the
final consensus rejected that.  But I don't have time to re-read things
now, lest my dinner overcook. :)

James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6

More information about the dns-operations mailing list