On Fri, Jul 19, 2024 at 09:11:34PM -0700, Nick Harper wrote:
> On Fri, Jul 19, 2024 at 8:58 PM Salz, Rich <rsalz=
> [email protected]> wrote:
> 
> > Can we simplify things and solve just one problem?
> >
> 
> From my perspective, this draft does solve just one problem: how a server
> chooses a certificate to use that it knows the client will trust.
> 
> I had a similar reaction the first time I read the Trust Expressions draft.
> Trust Anchor IDs (
> https://www.ietf.org/archive/id/draft-beck-tls-trust-anchor-ids-00.html) is
> a simpler-to-understand mechanism that solves the same problem in a
> different way.

I would not say that Trust Anchor IDs is simpler than Trust Expressions.

Trust Anchor IDs introduces things like retries and DNS latency, which
are anything but simple. Or the security considerations.




-Ilari

_______________________________________________
TLS mailing list -- [email protected]