Hello tls-trust-anchor-ids authors,
I'm working on a similar document[1] in a different area (in applications
without WebPKI and TLS), where just like here, eventually there might be
an SVCB record that would contain hints as to who the relevant trust anchors
are.
In our work we're so far open as to whet

Hi Christian,
Thanks for the thoughts!
By TLSA usage value 0, you mean this thing?
https://www.rfc-editor.org/rfc/rfc7671.html#section-5.4
Skimming it, I think it does not *quite* do what our draft had in mind.
That record seems to be something along the lines of certificate pinning,
where a tru

It is silly that in today’s world, we consider it good enough that a server
can send a client an end entity cert and a grab bag of intermediates and
cross signs and tell the client “I hope there’s enough material here for
you to build a path to something that you trust”. If someone proposed a new
s