Hi,

I'm the designated ART reviewer for this document, and I'm a little late with this, after spending a vacation without much mail and my first working week with. Sorry.

The document looks very nice to me, I'd say it may be ready. I have two questions that may be nits.

1. What happens if the TLS DANE Client Identity extension is used and there is a dNSName in the cert, and they differ? My sense is that the dNSName and identity have to match, and if they don't, TLS negotiation fails. But I don't see this explicitly anywhere.

2. Section 3 starts with "The client SHOULD explicitly…" and I'm curious why that's not a MUST. I assume a MUST would lead to fewer interoperation combinations to test, and I don't see any reason why a client cannot support this TLS extension. Are interop combinations a smaller concern than I imagine?