DANE rollover: selector type

Dennis Baaten dennis at baaten.com
Fri Jul 13 15:15:57 CEST 2018


Hi Viktor,

In your presentation named "Real World DANE Inter-domain email transport"
(https://static.ptbl.co/static/attachments/169319/1520904692.pdf) you
describe two approaches to handle a certificate change from a DANE
perspective: "current + next", and "current + issuer CA". In the given
example you use a "1" (certificate public key) for the TLSA parameter
"selector". I'm wondering whether this example is meant to imply that
selector type "1" is preferred over selector type "0" (full certificate)?

In my opinion the selector type should not matter, making a "311 + 211" just
as good as a "301 + 211". Would you agree?

Regards,

Dennis

 
