On Tue, Jul 11, 2023 at 12:45 PM Dennis Jackson <ietf= 40dennis-jackson...@dmarc.ietf.org> wrote:
> On 11/07/2023 15:48, Thom Wiggers wrote:
>
> > I enjoyed reading this draft. I think it is well-written. Aside from
> > some to-be-figured-out details that have already been pointed out, it
> > seems very practical, which is rather nice.
> Thanks!
>
> >
> > The one thing that makes me frown a bit is the intended versioning
> > scheme. I don't think consuming identifiers is a problem, but perhaps
> > we can pre-define the code points and variables for the next, say,
> > N=0xff years? Then the versioning mechanism is set for the foreseeable
> > future.
>
> I like the reduction of bookkeeping but I think we would need to work
> out which parts of the construction to make dynamic with an IANA
> registry. I wouldn't want to 'permanently' encode the root programs, CT
> trusted log lists or end entity compressed extensions for example.
>
> I don't really have a sense of what the idiomatic IETF solution is for
> this problem, so I settled for what seemed like the least commitment
> method in the draft.
>

Arguably it will be necessary to encode the database in the final RFC.
Otherwise, you have what is effectively a normative reference to the
contents of the CCADB. I haven't thought through this completely, but I
mention it because it may affect the rest of the design decisions if we
end up with the WG having to produce the database.

> (You could even say that we wrap the code points after N years).
>
> I don't know whether there'll be interest in using this scheme outside
> TLS (e.g. reducing storage / bandwidth costs in CT) but if there is then
> we'll probably want identifiers which are unambiguous over long timescales.
>

I'm not worried about code point exhaustion. Say we issued a new version
every 3 months and allocated a block of 256 code points, we would be able
to go without changes for 64 years.

-Ekr

>
> Best,
> Dennis
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>