Re: [TLS] TLS DANE chain, detailed response to concerns raised in the room on Monday

2018-07-28 Thread Paul Hoffman
(Reviving this thread to help the WG move forward on getting this document published) On 18 Jul 2018, at 5:41, Shumon Huque wrote: On Wed, Jul 18, 2018 at 4:55 AM Eric Rescorla wrote: To the extent to which this is true, it's an argument that one should be pinning at a different layer.

Re: [TLS] TLS DANE chain, detailed response to concerns raised in the room on Monday

2018-07-19 Thread Nico Williams
On Thu, Jul 19, 2018 at 12:16:18PM -0400, Viktor Dukhovni wrote: > On Wed, Jul 18, 2018 at 10:23:49PM -0500, Nico Williams wrote: > > > At yesterday's WG meeting, Sam Weiler suggested that the pinning > > > information could be conveyed via the DNS. That way you would not need new > > > holes/field

Re: [TLS] TLS DANE chain, detailed response to concerns raised in the room on Monday

2018-07-19 Thread Viktor Dukhovni
On Wed, Jul 18, 2018 at 10:23:49PM -0500, Nico Williams wrote: > > At yesterday's WG meeting, Sam Weiler suggested that the pinning > > information could be conveyed via the DNS. That way you would not need new > > holes/fields in the TLS extension. Paul said it doesn't work. But Willem > > Toorop

Re: [TLS] TLS DANE chain, detailed response to concerns raised in the room on Monday

2018-07-18 Thread Nico Williams
On Wed, Jul 18, 2018 at 08:41:59AM -0400, Shumon Huque wrote: > At yesterday's WG meeting, Sam Weiler suggested that the pinning > information could be conveyed via the DNS. That way you would not need new > holes/fields in the TLS extension. Paul said it doesn't work. But Willem > Toorop and I dis

Re: [TLS] TLS DANE chain, detailed response to concerns raised in the room on Monday

2018-07-18 Thread Nico Williams
On Wed, Jul 18, 2018 at 01:54:09AM -0700, Eric Rescorla wrote: > On Tue, Jul 17, 2018 at 7:30 PM, Viktor Dukhovni > wrote: > > > > c. Testing is not a good fit at this layer, all that's > > pinned is the ability to deliver the extension, after a > > previous connectio

Re: [TLS] TLS DANE chain, detailed response to concerns raised in the room on Monday

2018-07-18 Thread Benjamin Kaduk
Hi Viktor, Thanks for writing up your thoughts; a couple notes inline: On Tue, Jul 17, 2018 at 10:30:39PM -0400, Viktor Dukhovni wrote: > > Below I shall try to address a few of the concerns raised in writing. > You can read just the high-level notes above my signature, diving > into the corresp

Re: [TLS] TLS DANE chain, detailed response to concerns raised in the room on Monday

2018-07-18 Thread Paul Wouters
On Wed, 18 Jul 2018, Eric Rescorla wrote: detailed response to concerns raised in the room on Monday On Tue, Jul 17, 2018 at 7:30 PM, Viktor Dukhovni wrote: c. Testing is not a good fit at this layer, all that's pinned is the ability to deliver the extension,

Re: [TLS] TLS DANE chain, detailed response to concerns raised in the room on Monday

2018-07-18 Thread Shumon Huque
On Wed, Jul 18, 2018 at 4:55 AM Eric Rescorla wrote: > > To the extent to which this is true, it's an argument that one should be > pinning at a different layer. > > (I've mentioned this in private email to some of you, but for broader input, I'm throwing it out on the list too.) On the topic of

Re: [TLS] TLS DANE chain, detailed response to concerns raised in the room on Monday

2018-07-18 Thread Eric Rescorla
On Tue, Jul 17, 2018 at 7:30 PM, Viktor Dukhovni wrote: > > c. Testing is not a good fit at this layer, all that's > pinned is the ability to deliver the extension, after a > previous connection delivered DANE TLSA records and a > non-zero extension support

[TLS] TLS DANE chain, detailed response to concerns raised in the room on Monday

2018-07-17 Thread Viktor Dukhovni
Below I shall try to address a few of the concerns raised in writing. You can read just the high-level notes above my signature, diving into the corresponding detailed exposition below my signature as you see fit. Apologies for lack of hypertext links. 0. The draft as approved by the IESG, des