Hi Viktor,

 

In your presentation named “Real World DANE Inter-domain email transport” (https://static.ptbl.co/static/attachments/169319/1520904692.pdf) you describe two approaches to handle a certificate change from a DANE perspective: “current + next”, and “current + issuer CA”. In the given example you use a “1” (certificate public key) for the TLSA parameter “selector”. I’m wondering whether this example is meant to imply that selector type “1” is preferred over selector type “0” (full certificate)?

 

In my opinion the selector type should not matter, making a “311 + 211” just as good as a “301 + 211”. Would you agree?

 

Regards,

Dennis