>    [ FWIW, TLS is trust-model agnostic, it is the WebPKI that uses the
      usual panoply of CAs. ]
 
No, it is not agnostic.  It does support other trust models -- raw keys, PGP 
web-of-trust -- but its default and primary model from its inception is X509 
and its (so ingrained you might consider it implicit) "trust the issuer" model. 
Look at the definitions of certs and CA's and things like path validation in 
PKIX and its predecessors, the "trust anchors" which build on the chain model 
-- chained through *issuers* -- in the protocol, and so on.

The "usual panoply of CAs" is the WebPKI instantiation of a trust model, but do 
not confuse it with the trust model itself. I have deployed several instances 
of the X509/PKI trust model at work, and none of them use a conventional WebPKI 
set of anchors.

If DANE-TLS is to come back, the authors should use a new TLS certificate type 
that is perhaps an X509 structure, but whose trust semantics are defined by 
DANE. The recent IEEE vehicle cert did similar, and all it took was a couple of 
pieces of email.



_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls