Re: [TLS] I-D Action: draft-ietf-tls-cert-abridge-00.txt

2024-03-01 Thread Dennis Jackson
Hi Ilari, Thank you for the quick review. I've been integrating all of the editorial feedback in the draft (separate mail to follow to the group). Regarding your feedback: On 06/09/2023 17:46, Ilari Liusvaara wrote: Doing quick review: Section 3.1.2: - It is not clear what exactly is repla

[TLS] draft-ietf-tls-cert-abridge Update

2024-03-01 Thread Dennis Jackson
Hi all, I wanted to give a quick update on the draft. On the implementation side, we have now landed support for TLS Certificate Compression in Firefox Nightly, which was a prerequisite for experimenting with this scheme (thank you to Anna Weine). We're working on a Rust crate implementing the

Re: [TLS] I-D Action: draft-ietf-tls-cert-abridge-00.txt

2024-03-01 Thread Ilari Liusvaara
On Fri, Mar 01, 2024 at 12:48:54PM +, Dennis Jackson wrote: > > On 06/09/2023 17:46, Ilari Liusvaara wrote: > > Doing quick review: > > > > Section 3.1.2: > > > > - RFC 8879 does not allow ignoring unrecognized three-byte identifiers. > >Instead, the connection MUST be terminated with ba

Re: [TLS] FW: New Version Notification for draft-mattsson-tls-super-jumbo-record-limit-01.txt

2024-03-01 Thread Benjamin Kaduk
Hi John, I confess that my first impression was "eww, extensions with side effects on other extensions, that sounds super finicky to implement correctly". But actually reading in further, it seems more that the guiding principle is instead "only have one way to do a thing", in this case to commun

Re: [TLS] Trust Expressions Follow-up

2024-03-01 Thread Orie Steele
I found the CDDL in the appendix intriguing: https://davidben.github.io/tls-trust-expressions/draft-davidben-tls-trust-expr.html#appendix-A In SCITT, we've been kicking around a related concept... It's had several names, all of which have led to confusion, so I will not repeat them here, but I wa

Re: [TLS] draft-ietf-tls-cert-abridge Update

2024-03-01 Thread Kampanakis, Panos
Hi Dennis, I created a git issue https://github.com/tlswg/draft-ietf-tls-cert-abridge/issues/23 but I am pasting it here for the sake of the discussion: What does the client do if the server only does Pass 1 and compresses / omits the chain certs but does not compress the end-entity certs (Pas

Re: [TLS] FW: New Version Notification for draft-mattsson-tls-super-jumbo-record-limit-01.txt

2024-03-01 Thread John Mattsson
Thanks Ben, >I confess that my first impression was "eww, extensions with side effects on >other extensions, that sounds super finicky to implement correctly". > >But actually reading in further, it seems more that the guiding principle is >instead "only have one way to do a thing", in this case t