On Wed, 4 Apr 2018, Eric Rescorla wrote:

> HPKP had a TTL and yet as a practical matter, people found it very problematic.
> And, of course, if you're concerned with hijacking attacks, the hijacker will
> just advertise a very long TTL.

By publishing DANE records with either a TLSA record or a denial of
existence proof, you can override any long-term TTL.

If an attacker puts in a 1 year PIN/TTL, any TLS-dnssec extension
containing a valid NSEC proof of non-existence overrides the previous
TTL/PIN.

In fact, this is one of the reasons the WG should decide to fix the
current draft to include proofs of denial of existence.

Paul
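The override logic Paul describes, as an added illustration that is not code from the draft, from the list, or from any implementation: a client keeps a pin saying "expect the TLS DNSSEC extension for this name" until some expiry; a later handshake carrying a validated TLSA record replaces that expiry with the new TTL, and a validated NSEC proof that no TLSA record exists clears the pin at once, however long the old TTL was. The NSEC covering check follows RFC 4034 canonical name ordering. Everything else (the `PinStore` class, the `validated` flag standing in for RRSIG verification, the status strings, the sample names and the one-year TTL) is constructed for the example; NSEC3 and the wildcard part of a full NXDOMAIN proof are left out.

```python
from dataclasses import dataclass, field


def canonical_key(name):
    """RFC 4034 s6.1 ordering: compare labels from the root leftward,
    case-insensitively, as octet strings; a name sorts before any name
    it is a suffix of (tuple comparison gives exactly that)."""
    labels = [l.lower().encode() for l in name.rstrip(".").split(".") if l]
    return tuple(reversed(labels))


@dataclass(frozen=True)
class NSEC:
    owner: str          # owner name of the NSEC record
    next_name: str      # next owner name in canonical zone order
    types: frozenset    # type bitmap of the owner name


def nsec_proves_no_tlsa(nsec, qname):
    """True if this NSEC (assumed already signature-validated) proves there
    is no TLSA RRset at qname. Two cases: the name exists but has no TLSA
    (NODATA: owner == qname, TLSA absent from the bitmap), or the name
    does not exist (qname falls strictly between owner and next).
    Simplification: a real NXDOMAIN proof also needs a wildcard proof."""
    q = canonical_key(qname)
    o = canonical_key(nsec.owner)
    n = canonical_key(nsec.next_name)
    if o == q:
        return "TLSA" not in nsec.types
    if o < n:
        return o < q < n
    # last NSEC in the zone: next_name wraps to the apex, covers all after owner
    return q > o or q < n


@dataclass
class PinStore:
    """Hypothetical client state: name -> absolute expiry (seconds) of the
    'expect the extension' pin."""
    pins: dict = field(default_factory=dict)

    def on_handshake(self, name, now, ext):
        """ext is None (extension absent) or a dict with 'validated' and
        either 'tlsa' + 'ttl' or 'nsec'. Returns a status label."""
        if ext is None:
            # no extension: a violation only while an unexpired pin exists
            return "pinned-missing" if self.pins.get(name, 0) > now else "ok"
        if not ext["validated"]:
            # an unvalidated proof must never move the pin either way
            return "invalid"
        if ext.get("tlsa") is not None:
            # a freshly validated TLSA record carries its own TTL and
            # replaces whatever long TTL was pinned before
            self.pins[name] = now + ext["ttl"]
            return "pinned"
        nsec = ext.get("nsec")
        if nsec is not None and nsec_proves_no_tlsa(nsec, name):
            # validated denial of existence: drop the pin regardless of TTL
            self.pins.pop(name, None)
            return "unpinned"
        return "invalid"


def run_scenario():
    """Constructed timeline: a one-year pin, then a validated NSEC proof
    the next day that clears it despite the remaining TTL."""
    store = PinStore()
    name = "_443._tcp.www.example.com"
    year = 365 * 86400
    # 1. a handshake pins the name for a year (placeholder TLSA rdata)
    r1 = store.on_handshake(name, now=0,
                            ext={"validated": True, "tlsa": "3 1 1 <digest>", "ttl": year})
    # 2. a day later, a handshake without the extension is a pin violation
    r2 = store.on_handshake(name, now=86400, ext=None)
    # 3. same day, a validated NSEC shows www.example.com is the last name in
    #    the zone, so _443._tcp.www.example.com does not exist: pin cleared
    nsec = NSEC(owner="www.example.com", next_name="example.com",
                types=frozenset({"A", "AAAA", "RRSIG", "NSEC"}))
    r3 = store.on_handshake(name, now=86400, ext={"validated": True, "nsec": nsec})
    # 4. afterwards the missing extension is no longer a violation
    r4 = store.on_handshake(name, now=86401, ext=None)
    return (r1, r2, r3, r4)


if __name__ == "__main__":
    print(run_scenario())
```

The `validated` flag is where the real work would be (the DNSSEC chain in the extension must verify up to the trust anchor before the NSEC is believed); the point of the model is only that, once a denial proof does verify, the remaining lifetime of an earlier pin is irrelevant.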

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
