A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.
Title : TLS Encrypted Client Hello
Authors : Eric Rescorla
Kazuho Oku
On Sunday, 2 October 2022 15:13:31 CEST, Salz, Rich wrote:
> Now we have ACME, why not move to 3 day certs issued daily
> and avoid the need for revocation entirely?
Not all CAs in use on the WebPKI support ACME. Automating a
single-host to renew every 48 hours (have to allow for faults
and re
This is mainly a keep-alive update, with some additional details summarizing
the results from an upcoming paper to appear at ACM CCS 2022.
Best,
Chris, for the editors
On Mon, Oct 3, 2022, at 7:56 AM, internet-dra...@ietf.org wrote:
> A new version of I-D, draft-ietf-tls-esni-15.txt
> has been s
The TL;DR is that in the future we expect OCSP to be a lot less relevant.
I checked with our team, and the general story is that currently if there
is a valid OCSP stapled response we use it but otherwise do OCSP
In the future when we have CRLite enabled and it applies to the
certificate, then we
The IESG has approved the following document:
- 'Delegated Credentials for (D)TLS'
(draft-ietf-tls-subcerts-15.txt) as Proposed Standard
This document is the product of the Transport Layer Security Working Group.
The IESG contact persons are Paul Wouters and Roman Danyliw.
A URL of this Intern
Hi there,
There have been no replies on this. I am wondering if it means that TLS client
implementations will not support this (retry logic on securely disabled ECH),
or just that it has not been implemented yet.
The wording “may trigger the retry logic” from the draft is maybe a hint of the
i