A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.
Title : Deprecating TLSv1.0 and TLSv1.1
Authors : Kathleen Moriarty
Stephen Farrel
One other bit of context here: DANE itself doesn't prevent these
"downgrade" attacks in its native form, to say nothing of TLS.
Recall that caching is optional for DNS clients, and the usage of DNSSEC
validation results is up to the application.
Suppose you had an application with the following l
I'm afraid the below is a strawman hypothetical. Please stop.
DNSSEC lookups either return the truth or explicitly
*FAIL*, they don't just return "neutral" results.
As, for example, explained in RFC7672, when TLSA lookups fail the
mail delivery is deferred, and may ultimately bounce if the condi
On Fri, Sep 14, 2018 at 8:33 AM, Viktor Dukhovni
wrote:
> I'm afraid the below is a strawman hypothetical. Please stop.
>
> DNSSEC lookups either return the truth or explicitly
> *FAIL*, they don't just return "neutral" results.
>
In theory perhaps, but as a practical matter, no browser client,
* In theory perhaps, but as a practical matter, no browser client, at
least, can do DNSSEC hard fail, because the rate of organic DNSSEC interference
is too high. Indeed, this is the primary reason why DANE over TLS is
interesting.
But that doesn’t make Viktor’s statement wrong, does it? B
> On Sep 14, 2018, at 12:09 PM, Eric Rescorla wrote:
>
> In theory perhaps, but as a practical matter, no browser client, at least,
> can do DNSSEC hard fail, because the rate of organic DNSSEC interference is
> too high. Indeed, this is the primary reason why DANE over TLS is interesting.
On Fri, 14 Sep 2018, Eric Rescorla wrote:
DNSSEC lookups either return the truth or explicitly
*FAIL*, they don't just return "neutral" results.
In theory perhaps, but as a practical matter, no browser client, at least, can
do DNSSEC
hard fail, because the rate of organic DNSSEC i
I am getting "This link to the event is no longer valid" from the below
link, and I hear folks are having PSTN trouble as well. Are there some
different coordinates we should be using?
On Wed, Sep 12, 2018 at 9:59 AM Christopher Wood <
christopherwoo...@gmail.com> wrote:
> Below is an agenda for
On Wed 2018-09-12 07:58:43 -0700, Christopher Wood wrote:
> https://ietf.webex.com/ietf/onstage/g.php?MTID=e02cf108b5a24e348e10132497d5def9
when i visit this, i get a page that says::
This link to the event is no longer valid.
This may be because the event has been cancelled, the event h
We are having some technical issues getting the meeting started.
On Fri, Sep 14, 2018 at 10:03 AM, Richard Barnes wrote:
> I am getting "This link to the event is no longer valid" from the below
> link, and I hear folks are having PSTN trouble as well. Are there some
> different coordinates we
I know Webex has been having some issues today; we're working on finding
working coordinates.
-Ben
On 9/14/18, 12:04, "Richard Barnes" wrote:
I am getting "This link to the event is no longer valid" from the below
link, and I hear folks are having PSTN trouble as well. Are there some
d
Just like everyone else, waiting for further instructions for a working
conference bridge...
> On Sep 12, 2018, at 10:58 AM, Christopher Wood
> wrote:
>
> Below is an agenda for Friday's virtual interim meeting, followed by
> the meeting information. This information is also available online
>
It should be working now.
On Fri, Sep 14, 2018 at 10:05 AM, Daniel Kahn Gillmor wrote:
> On Wed 2018-09-12 07:58:43 -0700, Christopher Wood wrote:
> > https://ietf.webex.com/ietf/onstage/g.php?MTID=
> e02cf108b5a24e348e10132497d5def9
>
> when i visit this, i get a page that says::
>
> This l
I just tried again, same error.
On Fri, Sep 14, 2018 at 12:15 PM Joseph Salowey wrote:
> It should be working now.
>
> On Fri, Sep 14, 2018 at 10:05 AM, Daniel Kahn Gillmor <
> d...@fifthhorseman.net> wrote:
>
>> On Wed 2018-09-12 07:58:43 -0700, Christopher Wood wrote:
>> >
>> https://ietf.webe
Still doesn't work for mel
On Fri, Sep 14, 2018 at 10:13 AM, Joseph Salowey wrote:
> It should be working now.
>
> On Fri, Sep 14, 2018 at 10:05 AM, Daniel Kahn Gillmor <
> d...@fifthhorseman.net> wrote:
>
>> On Wed 2018-09-12 07:58:43 -0700, Christopher Wood wrote:
>> > https://ietf.webex.com/i
You need to use the webex meeting number:
642 489 356
On Fri, Sep 14, 2018 at 10:16 AM, Eric Rescorla wrote:
> Still doesn't work for mel
>
> On Fri, Sep 14, 2018 at 10:13 AM, Joseph Salowey wrote:
>
>> It should be working now.
>>
>> On Fri, Sep 14, 2018 at 10:05 AM, Daniel Kahn Gillmor <
You can go to https://ietf.webex.com and follow links to the ongoing TLS
virtual interim.
You'll have to go through the register workflow and use the password of 1234,
but it worked for me.
On 9/14/18, 12:17, "Eric Rescorla" wrote:
Still doesn't work for mel
On Fri, Sep 14,
On Fri 2018-09-14 10:13:23 -0700, Joseph Salowey wrote:
> It should be working now.
sorry, i'm still getting the same error message i got before.
any pointers? same URL as in the untrimmed text below, same failure response :/
if that doesn't work for anyone else, i propose an alternative:
I've
Shortening the link works. Basically you can join with the app or web
page, using the 9-digit meeting code. You end up having to register.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Anyone who is still trying to join and cannot, please reply to me and/or the
chairs.
-Ben
On 9/14/18, 12:23, "Nico Williams" wrote:
Shortening the link works. Basically you can join with the app or web
page, using the 9-digit meeting code. You end up having to register.
___
My rough notes of the meeting. All mistakes are mine, please speak up to the
list if I got something wrong
2018-10-14 TLS interim meeting
problem statement
viktor: authors seemed focus on dprive but not scoped as such. Scope in
document is DANE PKI.
dprive can make extension mandato
21 matches
Mail list logo
