SNI #1

Open
MelindaShore opened this issue May 29, 2015 · 2 comments

Comments

@MelindaShore
Owner

Need to add some text requiring the chain lookup on SNI, if available.

@MelindaShore
Owner Author

Still needs more discussion. From Viktor:

"I think the Section 4 SNI interaction would be a lot cleaner,
if SNI is mandatory for clients that use the proposed extension.
In which case the server can only respond with a leaf TLSA RRset
(and chain of RRSIG/DNSKEY/DS/... records) whose "base domain" (see
section 3 of RFC6698 and soon definition of TLSA base domain
in draft-ietf-dane-ops-13 (later this week)). Using some random
name for the server's IP address is not a good idea IMHO. PTR
records are too often poorly correlated with the client's notion
of the target server name."

@shuque
Collaborator

shuque commented Jul 6, 2015

For the record, I completely agree with Viktor. But I'll defer to collective discussion and consensus on this issue.
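
The client-side consequence of the proposal discussed in this thread, as an added example that is not part of the issue or of the draft: if SNI is mandatory, the client can derive the expected TLSA owner name from the SNI value (RFC 6698 section 3 form, `_<port>._<proto>.<base domain>`) and ignore any TLSA RRset in the server's chain published under another name, such as one derived from a PTR record. The function names and the tuple layout of the chain are assumptions, the sample records are constructed, and DNSSEC signature validation and CNAME/DNAME handling are out of scope here.

```python
import re

# One DNS label as it appears in TLSA owner names (underscore allowed for _443, _tcp).
_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def normalize(name):
    """Lower-case a DNS name, drop the trailing root dot, reject malformed names."""
    name = name.rstrip(".").lower()
    if not name or len(name) > 253:
        raise ValueError("empty or over-long DNS name")
    if not all(_LABEL.match(label) for label in name.split(".")):
        raise ValueError("malformed DNS label in %r" % name)
    return name

def tlsa_owner(sni, port, proto="tcp"):
    """TLSA owner name for a base domain: _<port>._<proto>.<base domain>."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return "_%d._%s.%s" % (port, proto, normalize(sni))

def select_tlsa(chain, sni, port):
    """Return the TLSA entry whose owner matches the SNI-derived name, else None.

    `chain` is a hypothetical list of (owner, rrtype, rdata) tuples parsed from
    the server-supplied chain. Only the name binding is checked here; the
    RRSIG/DNSKEY/DS chain must still be validated separately.
    """
    if not sni:
        return None  # no SNI sent: nothing to bind the TLSA base domain to
    expected = tlsa_owner(sni, port)
    for owner, rrtype, rdata in chain:
        if rrtype == "TLSA" and normalize(owner) == expected:
            return (owner, rrtype, rdata)
    return None

# Constructed sample chains (names and rdata are placeholders, not real records).
PTR_NAMED = [("_443._tcp.host-192-0-2-10.isp.example.", "TLSA", "3 1 1 <digest>")]
SNI_NAMED = [("_443._TCP.Mail.Example.COM.", "TLSA", "3 1 1 <digest>")]

if __name__ == "__main__":
    print(select_tlsa(PTR_NAMED, "mail.example.com", 443))  # PTR-derived name: rejected
    print(select_tlsa(SNI_NAMED, "mail.example.com", 443))  # SNI-derived name: accepted
```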
