Re: [TLS] dnssec_chain entry in IANA registry seems to be missing CT

2022-02-22 Thread Shumon Huque
On Tue, Feb 22, 2022 at 8:39 PM Benjamin Kaduk wrote: > On Tue, Feb 22, 2022 at 08:27:02PM -0500, Shumon Huque wrote: > > On Wed, Feb 16, 2022 at 4:29 AM Ilari Liusvaara <ilariliusva...@welho.com> > > wrote: > > > > > I noticed that the "dnssec_chain" extension in the IANA registry lists > > >

Re: [TLS] dnssec_chain entry in IANA registry seems to be missing CT

2022-02-22 Thread Benjamin Kaduk
On Tue, Feb 22, 2022 at 08:27:02PM -0500, Shumon Huque wrote: > On Wed, Feb 16, 2022 at 4:29 AM Ilari Liusvaara > wrote: > > > I noticed that the "dnssec_chain" extension in the IANA registry lists > > only "CH" in the "TLS 1.3" column. However, the extension sends its > > response in the certifi

Re: [TLS] dnssec_chain entry in IANA registry seems to be missing CT

2022-02-22 Thread Shumon Huque
On Wed, Feb 16, 2022 at 4:29 AM Ilari Liusvaara wrote: > I noticed that the "dnssec_chain" extension in the IANA registry lists > only "CH" in the "TLS 1.3" column. However, the extension sends its > response in the certificate message (section 2.2), so I think that > column should read "CH, CT".

Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt

2022-02-22 Thread Martin Thomson
On Wed, Feb 23, 2022, at 09:31, Ben Schwartz wrote: > In TLS, I think "MUST" means "recipients should validate this if > possible and fail the handshake if there is a mismatch". Consider a > client implementation. Upon receipt of a SNIP response, is it supposed > to cross-check the SNIP answer

Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt

2022-02-22 Thread Ben Schwartz
On Tue, Feb 22, 2022 at 4:23 PM David Benjamin wrote: > On Tue, Feb 22, 2022 at 3:58 PM Ben Schwartz 40google@dmarc.ietf.org> wrote: > >> I continue to support this draft. >> >> I am puzzled by the requirement that "A server MUST omit any compatible >> protocols from this extension". Includ

Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt

2022-02-22 Thread David Benjamin
On Tue, Feb 22, 2022 at 3:58 PM Ben Schwartz wrote: > I continue to support this draft. > > I am puzzled by the requirement that "A server MUST omit any compatible > protocols from this extension". Including them seems harmless, and > omitting them seems to impose an unstated requirement that (1

Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt

2022-02-22 Thread Ben Schwartz
I continue to support this draft. I am puzzled by the requirement that "A server MUST omit any compatible protocols from this extension". Including them seems harmless, and omitting them seems to impose an unstated requirement that (1) both parties also include the ALPN extension and (2) the impl

Re: [TLS] tlsflags and "responses"

2022-02-22 Thread Eric Rescorla
I think it would probably be better to require it to be sent even if empty. Then you could measure how often it was implemented. On Mon, Feb 21, 2022 at 9:36 PM Yoav Nir wrote: > I have just submitted PR #20 to allow unacknowledged flags. It is a > rewrite of section 3 (rules) > > https://githu