On 4/12/21, 2:13 PM, "Viktor Dukhovni" <ietf-dane@xxxxxxxxxxxx> wrote:
On Mon, Apr 12, 2021 at 06:07:40PM +0000, Salz, Rich wrote:
> > Bottom line, if DANE/TLSA were adopted for HTTPS, it can be made to work
> > also with CDNs as described in this thread.
>
> I am not so sanguine. I am not a DNS expert. I know many, some of
> whom also work at my employer and who have not commented on this.
I'm open to an off-list discussion to uncover the obstacles, we could
then summarise back to the list. There is perhaps some work remaining
to be done, but I haven't seen any fundamental obstacles as yet.
I will let some folks know.
