Viktor Dukhovni ietf-dane at
Thu Jan 15 18:10:27 CET 2015

On Thu, Jan 15, 2015 at 05:56:21PM +0100, Michael Str?der wrote:

> Many people do not consider e.g. client certs for authenticating the client to
> be necessary for establishing the encrypted channel. Also there's currently
> standard defining how the name check should be done for client certs. IMO
> client certs could be helpful to fight spam.

They can't be helpful for that.  They can only be helpful for whitelists.

Nobody is going to set the evil bit on their own packets:

despite the above RFC.


More information about the dane-users mailing list