On 02/06/2016 02:36 PM, Yaron Sheffer wrote:
> The draft describes using an opaque ticket (similar to a session
> resumption ticket) to pin the identity of a TLS server. The new
> version addresses several comments on this list, in particular
> regarding the message syntax, and requesting a comparison with TACK -
> thanks Dave and Daniel.
I only skimmed, but a couple of things stood out:

"bricking" is kind of an informal term.

I usually think of "identity" as being some concrete thing that can be named, so that when it says "identity pinning", I expected there to be some name or similar concrete identifier. It seems to me that what is going on is really that this is a scheme to ensure that subsequent communications are talking to the same entity by proof-of-possession of a token/key exchanged on the first communication, but that token does not contain any particular nameable entity. It seems that rewording the entire document in such a fashion would be pretty tedious and result in somewhat more stilted language, though, so I'm hesitant to recommend that course of action.

-Ben
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
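The "same entity by proof-of-possession" reading of the scheme, as an added toy model that is not part of the thread and not the draft's wire format: the server seals a fresh pinning secret into an opaque ticket under a key only it holds, the client stores the ticket and secret for a hostname, and on a later connection the server can only produce the expected proof if it still has the key that sealed the ticket. No name lives inside the ticket, which is exactly Ben's point. All class and function names are invented for this example, and the HMAC-SHA256 counter keystream is a stand-in for a real AEAD so the code runs on the standard library alone.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed model for illustration (assumption: simplified, not the
# draft's actual message syntax or key schedule).

TICKET_LEN = 16 + 32 + 32  # nonce || sealed secret || tag


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode HMAC-SHA256 keystream; stand-in for a real AEAD."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class PinningServer:
    """Server side: holds a long-term ticket key that nobody else has."""

    def __init__(self) -> None:
        self.ticket_key = secrets.token_bytes(32)

    def issue_ticket(self) -> Tuple[bytes, bytes]:
        """First connection: seal a fresh pinning secret into an opaque ticket.
        Ticket and secret go to the client over the authenticated TLS session;
        the server keeps no per-client state."""
        pin_secret = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)
        ks = _keystream(self.ticket_key, nonce, 32)
        ct = bytes(a ^ b for a, b in zip(pin_secret, ks))
        tag = hmac.new(self.ticket_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag, pin_secret

    def _open_ticket(self, ticket: bytes) -> Optional[bytes]:
        """Recover the pinning secret, or None if the ticket was sealed by a
        different key (another entity) or has been tampered with."""
        if len(ticket) != TICKET_LEN:
            return None
        nonce, ct, tag = ticket[:16], ticket[16:48], ticket[48:]
        expected = hmac.new(self.ticket_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        ks = _keystream(self.ticket_key, nonce, 32)
        return bytes(a ^ b for a, b in zip(ct, ks))

    def prove(self, ticket: bytes, client_nonce: bytes) -> Optional[bytes]:
        """Later connection: show possession of the ticket key by MACing the
        client's nonce with the secret recovered from the ticket."""
        pin_secret = self._open_ticket(ticket)
        if pin_secret is None:
            return None
        return hmac.new(pin_secret, b"pinning-proof" + client_nonce, hashlib.sha256).digest()


class PinningClient:
    """Client side: remembers (ticket, secret) per host; neither names anyone."""

    def __init__(self) -> None:
        self.pins: Dict[str, Tuple[bytes, bytes]] = {}

    def remember(self, host: str, ticket: bytes, pin_secret: bytes) -> None:
        self.pins[host] = (ticket, pin_secret)

    def check(self, host: str, client_nonce: bytes, proof: Optional[bytes]) -> bool:
        """Accept only the proof the pinned secret predicts. Once a pin exists,
        a missing proof is a failure, not a silent fallback."""
        if host not in self.pins:
            return True  # nothing pinned yet: trust on first use
        _, pin_secret = self.pins[host]
        if proof is None:
            return False
        expected = hmac.new(pin_secret, b"pinning-proof" + client_nonce, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)


def run_scenario() -> Tuple[bool, bool]:
    """Pin against one server, then reconnect to that server and to another
    server answering for the same hostname but holding a different key."""
    host = "example.test"  # constructed hostname
    genuine, impostor = PinningServer(), PinningServer()
    client = PinningClient()

    ticket, pin_secret = genuine.issue_ticket()
    client.remember(host, ticket, pin_secret)

    presented, _ = client.pins[host]
    nonce = secrets.token_bytes(16)
    same_ok = client.check(host, nonce, genuine.prove(presented, nonce))
    other_ok = client.check(host, nonce, impostor.prove(presented, nonce))
    return same_ok, other_ok


if __name__ == "__main__":
    print(run_scenario())
```

Running it returns `(True, False)`: the server that issued the ticket passes, the second server cannot open the ticket and so produces no proof, and the client rejects it. The client never learned a name for either; it only learned which entity can open what it was given.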