I've seen the topic of cross-signs mentioned multiple times in this thread,
often with the assumption that they are simple and easy to secure. However,
in practice, this is not the case. There are significant commercial
challenges that often prevent cross-signing from being straightforward. For
exa
Hi Ryan,
On 27/05/2024 16:39, Ryan Hurst wrote:
[...]
Moreover, there's the liability issue: a CA that cross-signs another
CA exposes its business to distrust based on the practices of the CA
it cross-signs.
[...]
As someone who has both provided said cross-signs and received them I
real
My comment was intended to address the larger conversation in the thread
regarding cross-signs. That said, as you point out, there is absolutely
nothing preventing a single entity from cross-signing itself. However,
doing so with a hybrid chain weakens the security of the chain to the
security prop
Hi Ryan,
I wonder if the IETF mail servers are having a bad day again. I only see
your reply to me, no other messages and currently the archives are only
showing my initial email [1] with no replies.
[1] https://mailarchive.ietf.org/arch/browse/tls/
On 27/05/2024 18:51, Ryan Hurst wrote:
How
Hi Ryan,
On 27/05/2024 19:23, Ryan Hurst wrote:
I don't understand your position on the verifier; the faith one can
put in the chain of signatures is only the faith appropriate for the
weakest signature. As such, if a classical key is used to sign a PQ
chain, an attacker would go after the clas
Hi! I asked the authors to spin a new version because the I-D would have
expired during the WGLC. No substantive changes were introduced in this,
the -01 version.
spt
> On May 23, 2024, at 16:44, internet-dra...@ietf.org wrote:
>
> Internet-Draft draft-ietf-tls-tls13-pkcs1-01.txt is now availa
Just a reminder that this WGLC is still ongoing.
spt
> On May 22, 2024, at 10:14, Sean Turner wrote:
>
> This email starts the working group last call for "Legacy RSASSA-PKCS1-v1_5
> codepoints for TLS 1.3" I-D, located here:
>
> https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-pkcs1/
>
On Mon, May 27, 2024 at 10:39:27PM +0200, Dennis Jackson wrote:
> Hi Ryan,
>
> On 27/05/2024 19:23, Ryan Hurst wrote:
> > I don't understand your position on the verifier; the faith one can put
> > in the chain of signatures is only the faith appropriate for the weakest
> > signature. As such, if a
On Fri, May 24, 2024 at 3:46 PM Watson Ladd wrote:
> To be clear, in Denis's scenario Ebonia requires all servers to obtain
> a cert from Honest Ahmed's
> (https://bugzilla.mozilla.org/show_bug.cgi?id=647959) Ebonian Secure
> CA. Server operators who complain that this will break clients are
> to