Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Peter Gutmann
An indirect question on the overall premise here: Given that SCVP is essentially nonexistent (unless there's some niche market somewhere using it that I'm not aware of, which is why I didn't use an unqualified "nonexistent"), does it really matter much? If an RFC falls in the forest and all that..

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Robert Moskowitz
Peter, SCVP *IS* being used in aviation applications today in ground-to-ground cases.  But the comm cost for air-to-ground is excessive.  So this is directly what at least US FAA and EU EUROCONTROL are implementing. Aviation, through ICAO, is building their own PKI.  The CP is in final draft

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Robert Moskowitz
Oh, and it is this community's input to see that this is well designed as once something is put into a plane, it tends to be there for years...

On 5/26/22 04:46, Peter Gutmann wrote:
> An indirect question on the overall premise here: Given that SCVP is essentially nonexistent (unless there's som

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Ashley Kopman
Ilari, Thank you for your feedback. You are correct in assuming that this was designed after the OCSP status_request extension. It is a valid point that the extension can likely be omitted from the server hello. The intent was to communicate to the client that the server supports the extension

Re: [TLS] Better TLS Client Authentication

2022-05-26 Thread Blumenthal, Uri - 0553 - MITLL
This is not about what was there earlier, nor what has been in wider use so far (in which case, password clearly wins ;). Rather – what is the best (from security and usability point of view) mechanism now. I say – FIDO (or U2F, whatever) is the closest contender, if not the outright winner

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Salz, Rich
>So this is important in one community: Civil Aviation.

Thanks for the explanation Bob. That's very cool, and I am grateful to those behind the scenes who worked to bring this to the IETF.

___ TLS mailing list TLS@ietf.org https://www.ietf.org/ma

Re: [TLS] Better TLS Client Authentication

2022-05-26 Thread Phillip Hallam-Baker
Let me be clear here, I was not asking for permission. I am just asking for people with technical contributions to the proposal. WebAuthn is not going to work for non Web applications of TLS. You know, this type of response is the reason people stop coming to the IETF to get things done. I am wel

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Ashley Kopman
The use case for the D(TLS) Path Validation extension in civil aviation has been submitted: https://www.ietf.org/archive/id/draft-segers-tls-cert-val-ext-use-case-00.txt There is also a referenced slide deck available: http://conceptsbeyond.com/resources/SCVPValidationRequest_UseCase_CB.pdf Thank you,

Re: [TLS] Draft TLS Extension for Path Validation

2022-05-26 Thread Robert Moskowitz
This is the Aviation use case I mentioned in earlier mails. I will be submitting a BOF request tomorrow, pro forma. Of course it is for the ADs to decide if this is a standalone BOF or a 20min slot in SECDISPATCH. How much time people want to discuss it is in large measure related to the disc