Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Paul Wouters
On Wed, 4 Jul 2018, Eric Rescorla wrote: > > > Do we have a count of major implementors who say they will do so? > > > > Well, what is a "major implementation"? > > Well, we could start with "what implementations are going to do this"? [postfix and openssl apparen

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Viktor Dukhovni
On Wed, Jul 04, 2018 at 08:42:38PM -0700, Eric Rescorla wrote: > It would be nice to hear from those maintainers, as well as from some of > the bigger email senders (e.g., GMail, Yahoo Mail, etc.) The question is premature, some implementations are not candidate early adopters. Once library supp

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Paul Wouters
On Wed, 4 Jul 2018, Eric Rescorla wrote: In any case, as Martin Thomson says, we have a perfectly good extension mechanism which can be used to add pinning later without creating any placeholder here. The IETF should not publish security protocols that are trivially downgraded. The work _sho

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Eric Rescorla
On Wed, Jul 4, 2018 at 8:16 PM, Viktor Dukhovni wrote: > On Wed, Jul 04, 2018 at 07:46:13PM -0700, Eric Rescorla wrote: > > > > > Do we have a count of major implementors who say they will do so? > > > > > > Well, what is a "major implementation"? > > > > Well, we could start with "what implement

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Viktor Dukhovni
On Wed, Jul 04, 2018 at 07:46:13PM -0700, Eric Rescorla wrote: > > > Do we have a count of major implementors who say they will do so? > > > > Well, what is a "major implementation"? > > Well, we could start with "what implementations are going to do this"? Since Postfix supports not just MTA-to

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Viktor Dukhovni
On Wed, Jul 04, 2018 at 06:51:46PM -0800, Melinda Shore wrote: > On 7/4/18 6:33 PM, Viktor Dukhovni wrote: > > I thought the authors wanted this done quickly, but lately they > > seem to be in no rush to get the document finished. > > I'm still trying to figure out a way forward that's useful >

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Melinda Shore
On 7/4/18 6:33 PM, Viktor Dukhovni wrote: > I thought the authors wanted this done quickly, but lately they > seem to be in no rush to get the document finished. I'm still trying to figure out a way forward that's useful for the people who intend to use this extension and that doesn't add cruft o

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Eric Rescorla
On Wed, Jul 4, 2018 at 7:33 PM, Viktor Dukhovni wrote: > On Wed, Jul 04, 2018 at 06:34:44PM -0700, Eric Rescorla wrote: > > > > 1. Do you support the working group taking on future work on a pinning > > > mechanism (based on the modifications or another approach)? > > > > Unsure. I'd like to see

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Viktor Dukhovni
On Thu, Jul 05, 2018 at 12:31:02PM +1000, Martin Thomson wrote: > On Tue, Jun 26, 2018 at 2:21 PM Joseph Salowey wrote: > > 1. Do you support the working group taking on future work on a pinning > > mechanism (based on the modifications or another approach)? > > I don't think that pinning is a

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Viktor Dukhovni
On Wed, Jul 04, 2018 at 06:34:44PM -0700, Eric Rescorla wrote: > > 1. Do you support the working group taking on future work on a pinning > > mechanism (based on the modifications or another approach)? > > Unsure. I'd like to see some real evidence that it will be widely consumed. > Do we have a

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Martin Thomson
On Tue, Jun 26, 2018 at 2:21 PM Joseph Salowey wrote: > 1. Do you support the working group taking on future work on a pinning > mechanism (based on the modifications or another approach)? I don't think that pinning is a good idea. We've experience that suggests that it's more of a footgun tha

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Viktor Dukhovni
On Wed, Jul 04, 2018 at 06:34:44PM -0700, Eric Rescorla wrote: > 3. Do you support the proof of denial of existence text in the revision? > > The mechanism seems fine, but it doesn't seem to me that the specification > is clear on what the semantics are. I think what they are is that you can > c

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-04 Thread Eric Rescorla
On Mon, Jun 25, 2018 at 9:20 PM, Joseph Salowey wrote: > Hi Folks, > > There has been some discussion with a small group of folks on github - > https://github.com/tlswg/dnssec-chain-extension/pull/19. I want to make > sure there is consensus in the working group to take on the pinning work > an

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-03 Thread Viktor Dukhovni
On Tue, Jul 03, 2018 at 10:41:18AM -0400, Allison Mankin wrote: > I haven't chimed in on the mailing list on this draft, but I'm one of the > people who had discussions with browserfolk in hallways, in the corners of > interim meetings for HTTP2, and other such places, in order to see what it > wo

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-03 Thread Paul Wouters
On Tue, 3 Jul 2018, Allison Mankin wrote: 2. Do you support the reserved bytes in the revision for a future pinning mechanism? Reserving the bytes without a mechanism is not a good idea, so no. I think the method for modifications or another approach is something to be worked on in future

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-03 Thread Allison Mankin
I haven't chimed in on the mailing list on this draft, but I'm one of the people who had discussions with browserfolk in hallways, in the corners of interim meetings for HTTP2, and other such places, in order to see what it would take to get a start on TLSA use by browsers. Due to the floods of tr

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-07-02 Thread Bill Frantz
On 6/25/18 at 9:20 PM, j...@salowey.net (Joseph Salowey) wrote: Hi Folks, There has been some discussion with a small group of folks on github - https://github.com/tlswg/dnssec-chain-extension/pull/19. I want to make sure there is consensus in the working group to take on the pinning work and

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-06-27 Thread Viktor Dukhovni
> On Jun 26, 2018, at 12:20 AM, Joseph Salowey wrote: > > Hi Folks, > > There has been some discussion with a small group of folks on github - > https://github.com/tlswg/dnssec-chain-extension/pull/19. I want to make > sure there is consensus in the working group to take on the pinning wo

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-06-27 Thread Paul Wouters
On Mon, 25 Jun 2018, Joseph Salowey wrote: There has been some discussion with a small group of folks on github - https://github.com/tlswg/dnssec-chain-extension/pull/19. I want to make sure there is consensus in the working group to take on the pinning work and see if there is consensus for

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-06-26 Thread Nico Williams
On Mon, Jun 25, 2018 at 09:20:16PM -0700, Joseph Salowey wrote: > 1. Do you support the working group taking on future work on a pinning > mechanism (based on the modifications or another approach)? Yes with a caveat: I don't much care whether pinning work gets done as an individual submission, a

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-06-25 Thread Joseph Salowey
Hi Folks, There has been some discussion with a small group of folks on github - https://github.com/tlswg/dnssec-chain-extension/pull/19. I want to make sure there is consensus in the working group to take on the pinning work and see if there is consensus for modifications in the revision. Plea

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-06-05 Thread Paul Wouters
On Mon, 4 Jun 2018, Benjamin Kaduk wrote: Hi Ben, I've taken a stab at putting together some security considerations text for draft-ietf-tls-dnssec-chain-extension that reflects my understanding of the current state of affairs. It's in a pull request at https://github.com/tlswg/dnssec-chain-ex

Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-06-04 Thread Viktor Dukhovni
> On Jun 4, 2018, at 4:39 PM, Benjamin Kaduk > wrote: > > I'd be interested to hear what aspects people agree with and disagree with, > whether on- or off-list. Looks like a solid proposal to me, especially the updated security considerations. Thanks! I added two very minor comments on the

[TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

2018-06-04 Thread Benjamin Kaduk
Hi folks, I've taken a stab at putting together some security considerations text for draft-ietf-tls-dnssec-chain-extension that reflects my understanding of the current state of affairs. It's in a pull request at https://github.com/tlswg/dnssec-chain-extension/pull/19 , along with Viktor's commi