> On Apr 20, 2018, at 12:09 AM, Joseph Salowey wrote:
>
> [Joe] This can also be done with a new extension code point that defines a
> replacement extension that adds the pinning policy. This seems like viable
> possibility, we are not running short on extension code points.
This looks li
On Wed, Apr 18, 2018 at 1:42 PM, Paul Wouters wrote:
>
>
> 4. Re-submit the document for publication and start work on a separate
>> extension that supports pinning
>>
>
> While we agree we can move pinning to a separate document, it makes much
> less sense for this to become an additional ful
Did we ever reach any agreement about what to do here?
For me, the threat model here seems fairly far-fetched and infeasible, in
the sense that the threat only exists in some very specific bugs in
multithreaded decompressor.
I'd be less reluctant to do this if it were not for the fact that all
so
All,
This is the working group last call for the "Exported Authenticators in TLS"
draft available at
https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/.
Please review the document and send your comments to the list by 2359 UTC on 4
April 2018.
Thanks - J&S
__
To make sure nobody is caught off guard, I’m going to issue the WGLC shortly
for this draft. We were waiting on getting a security review and we got that
in London and from the security proofs perspective it looks like we’re good to
go for a WGLC.
spt
> On Mar 5, 2018, at 20:07, Nick Sullivan
