On Thu, 5 Apr 2018, Richard Barnes wrote:
And just to be clear, by "downgrade attack", you mean "normal PKI authentication that we rely on today". There's nothing in here that degrades security
You mean other then LetsEncrypt destroying the ecosystem and leading to a "one key to rule them all" situation? The webpki is changing dramatically. The amount of CAB/forum violations seems to be increasing, partially as a result of these violations getting exposed by certificate transparancy and perhaps partially because of the financial strain caused by the free LetsEncrypt. Allowing people to deploy another PKI is not harmful - forcing people to stick with the webpki could prove harmful.
That doesn't mean there's not still some utility to be had.
Your tls-extension use case can be supported regardless of the outcome of this consensus call. That is not at stake today. Other people's valid use cases are the ones that are at stake now. Paul _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls