Great! This document is now ready to progress to the AD. spt
> On Jun 26, 2020, at 20:00, Nick Sullivan <n...@cloudflare.com> wrote: > > TLSWG and Chairs, > > I've submitted draft -13 with the appropriate changes. > > Best, > Nick > > On Tue, Jun 16, 2020 at 10:23 AM Sean Turner <s...@sn3rd.com> wrote: > Hi! > > This message closes out the 3rd WGLC for > draft-ietf-tls-exported-authenticators. I have created GH issues for the two > issues raised during WGLC: > https://github.com/tlswg/tls-exported-authenticator/issues/62 > https://github.com/tlswg/tls-exported-authenticator/issues/63 > Once addressed, and assuming the changes are not large, we will progress this > draft towards our AD. > > I will put the draft in Waiting for WG Chair Go-Ahead / Revised I-D needed > awaiting resolution of the two issues. > > spt (for the chairs) > > > On Jun 5, 2020, at 07:29, Watson Ladd <watsonbl...@gmail.com> wrote: > > > > On Thu, Jun 4, 2020 at 9:48 PM Sean Turner <s...@sn3rd.com> wrote: > >> > >> Another reminder ... > >> > >>> On May 22, 2020, at 09:23, Sean Turner <s...@sn3rd.com> wrote: > >>> > >>> This is the 3rd WGLC for "Exported Authenticators in TLS" draft available > >>> at > >>> https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. > >>> The secdir review during IETF LC raised some issues and as a result there > >>> have been a couple of new versions. Please respond to the list with any > >>> comments by 2359 UTC on 8 June 2020. > > > > I've implemented earlier drafts. I do have a concern with the > > validate API as presented in the draft: it treats empty authenticators > > as valid, and then returns the identity as a certificate chain that > > must be validated by the application. Similar APIs have lead to easily > > foreseeable pwnage. Instead I would recommend the validate API carry > > out X509 validation against a trust store or validation function and > > treat the empty authenticator as invalid. That way someone has to > > think before not checking the certificate returned. > > > > Sincerely, > > Watson Ladd > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
