> [ FWIW, TLS is trust-model agnostic, it is the WebPKI that uses the usual panoply of CAs. ]

No, it is not agnostic. It does support other trust models -- raw keys, PGP web-of-trust -- but its default and primary model from its inception is X509 and its (so ingrained you might consider it implicit) "trust the issuer" model. Look at the definitions of certs and CAs and things like path validation in PKIX and its predecessors, the "trust anchors" which build on the chain model -- chained through *issuers* -- in the protocol, and so on.
The "usual panoply of CAs" is the WebPKI instantiation of a trust model, but do not confuse it with the trust model itself. I have deployed several instances of the X509/PKI trust model at work, and none of them use a conventional WebPKI set of anchors. If DANE-TLS is to come back, the authors should use a new TLS certificate type that is perhaps an X509 structure, but whose trust semantics are defined by DANE. The recent IEEE vehicle cert did similar, and all it took was a couple of pieces of email.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls