ietf
[Top] [All Lists]

Re: SMTP+TLS to MXs, was Re: Comments on Draft IRTF ASRG DNSBL - 07

2008-11-14 02:36:43
On Fri, 14 Nov 2008, Mark Andrews wrote:
How does an application do "accept if signed and validated by DNSSEC"?

        You validate the CERT RRset using the techniques in RFC
        4033, 4034 and 4035.  If the answer is "secure" then it was
        signed and validated.  You the match offered cert to the CERT
        RRs using the information from RFC 4398.

        Do you need more detail or is that enough guidance?

I was interested in more detail, specifically, are there application interfaces an application could use, or every app need to implement validation using 4033-5 techniques (a lot of work, and most would probably do it wrong)?

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf