I find Dennis’ writeup and most of his arguments convincing.
I don’t think the WG should adopt the draft.
From: Dennis Jackson
Sent: Tuesday, February 4, 2025 8:28 PM
To: TLS List
Subject: [EXTERNAL] [TLS] Re: Adoption Call for Trust Anchor IDs
It will not come as a surprise that I oppose adoption for the reasons
laid out in 'Trust is non-negotiable' [1].
The claims that Trust Negotiation can improve security or compatibility
just do not stand up to scrutiny. Especially as in over a year since
first introduction, there has been no cr
Thanks for the thoughts!
> To that end, perhaps it's most useful to focus in on the post-quantum
> case, as I think that's the one that the WG finds most compelling.
That's certainly not the use case I find most compelling. It's one among a
class of PKI scenarios, just as PQ is not the only reason
Well, the other thing about HSTS is that it's specified to be only "for web
sites". It is right in the first sentence.
"This specification defines a mechanism enabling web sites..."
I asked about this with regard to ACME, and they told me to get lost. Fine
(also kind of funny), but we need to be c
On Sat, Feb 1, 2025 at 10:02 AM Eric Rescorla wrote:
> Starting a new thread to keep it off the adoption call thread.
>
> I'm still forming my opinion on this topic. To that end, perhaps it's
> most useful to focus in on the post-quantum case, as I think that's
> the one that the WG finds most co
On 04/02/2025 14:10, Bas Westerbaan wrote:
> I just sketched one with a signal in the certificate. You point out
> some valid deployment challenges, but they're far from disqualifying
> the approach from the start, and we should give the general direction
> a chance.
Always worth exploring new directi
>
> I think HSTS provides the basis for a more effective solution. It needs
> only to be extended with a single additional bit ("Enforce use of PQ
> signatures") and it's already well-understood by website operators.
> Managing the preload list is a bit unpleasant for browsers, but strictly
> speak