Internet-Draft draft-ietf-tls-cert-abridge-02.txt is now available. It is a
work item of the Transport Layer Security (TLS) WG of the IETF.
Title: Abridged Compression for WebPKI Certificates
Author: Dennis Jackson
Name: draft-ietf-tls-cert-abridge-02.txt
Pages: 21
Dates:
Thanks for the additional details, Mark. So it sounds like these
organizations are not only requiring that the remote party's certificate be
issued by a public CA, but that it be a specific certificate.
Couple of observations here:
1. This is clearly not business for the TLS WG. This WG doesn't
Public CAs not only add another risk, but public CAs shouldn't want to be
issuing these anyway if they are not for use with the web PKI. I agree that
it doesn't seem in scope for the IETF's work, but I'll admit that I'd love
to see more advocacy for divorcing such configurations from the public web
This version addresses all known issues. I will begin work on the write-up, but
I would expect it to be with our AD by next week.
spt
> On Sep 14, 2024, at 16:19, internet-dra...@ietf.org wrote:
>
> Internet-Draft draft-ietf-tls-rfc8446bis-11.txt is now available. It is a work
> item of the Tra
ECH has been revised based on working group input and is ready to go to the
IESG. You can see the diff between the latest (-22) and the one published
previous to the last IETF (-18) here:
https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-esni-18&url2=draft-ietf-tls-esni-22&difftype=--html
.
I personally propose that the community reconsider the design of
accept_confirmation.
Maybe it sounds crazy, but I advise dropping the requirements of the
accept_confirmation.
So that we can deploy the IETF without touching the backend server in the
Split-Mode.
And this will be a big promotion for th