It will not come as a surprise that I oppose adoption for the reasons
laid out in 'Trust is non-negotiable' [1].
The claims that Trust Negotiation can improve security or compatibility
just do not stand up to scrutiny. Especially as in over a year since
first introduction, there has been no cr
Thanks for the thoughts!
> To that end, perhaps it's most useful to focus in on the post-quantum
> case, as I think that's the one that the WG finds most compelling.
That's certainly not the use case I find most compelling. It's one among a
class of PKI scenarios, just as PQ is not the only reason
On 04/02/2025 14:10, Bas Westerbaan wrote:
I just sketched one with a signal in the certificate. You point out
some valid deployment challenges, but they're far from disqualifying
the approach from the start, and we should give the general direction
a chance.
Always worth exploring new directi
On Sat, Feb 1, 2025 at 10:02 AM Eric Rescorla wrote:
> Starting a new thread to keep it off the adoption call thread.
>
> I'm still forming my opinion on this topic. To that end, perhaps it's
> most useful to focus in on the post-quantum case, as I think that's
> the one that the WG finds most co
I find Dennis’ writeup and most of his arguments convincing.
I don’t think the WG should adopt the draft.
From: Dennis Jackson
Sent: Tuesday, February 4, 2025 8:28 PM
To: TLS List
Subject: [EXTERNAL] [TLS] Re: Adoption Call for Trust Anchor IDs
Well, the other thing about HSTS is that it's specified to be only "for web
sites". It is right in the first sentence.
"This specification defines a mechanism enabling web sites..."
I asked about this with regard to ACME, and they told me to get lost. Fine
(also kind of funny), but we need to be c
>
> I think HSTS provides the basis for a more effective solution. It needs
> only to be extended with a single additional bit ("Enforce use of PQ
> signatures") and it's already well-understood by website operators.
> Managing the preload list is a bit unpleasant for browsers, but strictly
> speak