On 5/22/17 at 10:46 AM, ietf-d...@dukhovni.org (Viktor Dukhovni) wrote:
On May 22, 2017, at 1:37 PM, Salz, Rich <rs...@akamai.com> wrote:
I strongly believe the text should stay as it is, for the most good to the most
people. Viktor is in the weeds, arguably by himself.
Right, all by myself... With support from Nico, Ilari, and others who've upthread
accepted that certificate verification is properly RFC5280 and not TLS, before I
suggested removal of the text in question (which solves no real problem, but does
create needless interoperability issues for various TLS use-cases).
Please allow me to add my voice to Viktor's. When I wrote the E
language communication protocol, many people said I should use
SSL. Some of the reasons we did not use SSL are in a 1998
document <http://www.erights.org/elib/distrib/vattp/SSLvsDataComm.html>.
Our protocol started with a hash of the peer's public key. With
that bit of information, other authentications are unnecessary.
If I were starting today, we could use TLS with PSKs by asking
the other side for its key and then using it with a TLS library
(I think).
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz        | "Web security is like medicine - trying to do good for
408-356-8506       | an evolved body of kludges" - Mark Miller
www.pwpconsult.com |
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
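As an added illustration of the scheme Bill describes (this is not code from the thread, from E, or from VatTP), here is what "the protocol starts with a hash of the peer's public key, and nothing else is needed" looks like when done with a TLS library today. The client switches off the RFC 5280 chain and hostname checks entirely and, in their place, compares the SHA-256 of the server's SubjectPublicKeyInfo with a pin it obtained out of band. It uses a self-signed certificate rather than a PSK, because Go's crypto/tls exposes the raw-key hook through VerifyPeerCertificate; the function names, the loopback server and the "demo-peer" subject are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// spkiFingerprint is the "hash of the peer's public key": SHA-256 over the DER
// SubjectPublicKeyInfo, so it stays the same across re-issued certificates.
func spkiFingerprint(cert *x509.Certificate) [32]byte {
	return sha256.Sum256(cert.RawSubjectPublicKeyInfo)
}

// newSelfSignedCert makes a fresh P-256 key and a self-signed cert carrying it.
// No CA is involved: the certificate is only the vehicle for the public key.
func newSelfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "demo-peer"}, // hypothetical name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// pinnedClientConfig turns off the RFC 5280 chain and hostname checks and, in
// their place, accepts the peer only if its leaf SPKI hash equals pin.
// InsecureSkipVerify alone would accept anyone; VerifyPeerCertificate is what
// re-imposes the one check this application relies on.
func pinnedClientConfig(pin [32]byte) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true,
		MinVersion:         tls.VersionTLS13,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 {
				return fmt.Errorf("peer sent no certificate")
			}
			leaf, err := x509.ParseCertificate(rawCerts[0])
			if err != nil {
				return fmt.Errorf("parse peer leaf: %w", err)
			}
			if got := spkiFingerprint(leaf); subtle.ConstantTimeCompare(got[:], pin[:]) != 1 {
				return fmt.Errorf("SPKI pin mismatch: peer key is %x", got)
			}
			return nil
		},
	}
}

// handshake runs one TLS 1.3 handshake over loopback TCP: the server presents
// serverCert, the client accepts it only if it matches pin. nil means both
// sides completed the handshake; otherwise the error that aborted it.
func handshake(serverCert tls.Certificate, pin [32]byte) error {
	srvCfg := &tls.Config{Certificates: []tls.Certificate{serverCert}, MinVersion: tls.VersionTLS13}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return err
	}
	defer ln.Close()

	srvErr := make(chan error, 1) // buffered so the goroutine never leaks
	go func() {
		c, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer c.Close()
		srvErr <- c.(*tls.Conn).Handshake()
	}()

	client, err := tls.Dial("tcp", ln.Addr().String(), pinnedClientConfig(pin))
	if err != nil {
		return err // the client refused the peer's key (pin mismatch)
	}
	defer client.Close()
	if err := <-srvErr; err != nil {
		return fmt.Errorf("server side: %w", err)
	}
	return nil
}
```

The point of the split is the one Viktor makes: the TLS layer still does the handshake, the key exchange and the proof of possession of the private key, while deciding which key is acceptable is done by the application, not by an RFC 5280 path build. Anything that changes the certificate but not the key (renewal, a different issuer, a different name) leaves the pin valid; a different key fails the handshake before any application data flows.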