(just to clarify; I am aware that neither of those Davids are part of the Chrome Root Program, but I'm sure they know how to get ahold of the right people)
On Mon, 30 Mar 2026 at 15:52, Mike Ounsworth <[email protected]> wrote: > > Does the IETF have a Liason to the Chrome Root Program? > > + @David Benjamin <[email protected]> and @David Adrian both > participate in IETF. > > On Mon, 30 Mar 2026 at 15:40, Nico Williams <[email protected]> wrote: > >> On Mon, Mar 30, 2026 at 08:04:54PM +0000, Salz, Rich wrote: >> > The overwhelming response (strong consensus) — both posted and via >> > private replies — is that applications will just switch to >> > TLS-Server-Auth identities for the client side. >> >> That violates RFCs 5280 & 8446 and vitiates the Chrome Root Program's >> new policy. Whatever problem that policy change meant to addres might >> only be made worse by this approach (sure, only for those apps that >> implement this workaround, but for those, yes, it will be worse). >> >> There has to be a better way. >> >> Does the IETF have a Liason to the Chrome Root Program? Can we reach >> out to them and ask them? When I did they simply did not respond, but >> if the IETF TLS and/or LAMPS WG chairs, or IETF Security ADs reach out >> to them perhaps they'll respond -- failing that then maybe the IETF >> Chair or the IAB. >> >> Nico >> -- >> >> _______________________________________________ >> Spasm mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
