On Wed, Apr 04, 2018 at 07:56:37PM -0700, Eric Rescorla wrote:
> On Wed, Apr 4, 2018 at 7:31 PM, Nico Williams <n...@cryptonector.com> wrote:
> > We cannot be serious about security while promoting a protocol with a
> > glaring downgrade attack.
>
> Unfortunately, you are conflating the assertive and restrictive use cases.

I'm conflating nothing. I want to be able to use this HTTPS with DANE,
but this extension as-is cannot be used in any protocol where it isn't
mandatory.

(Richard B. proposes that one can use this with HTTPS when using a CA
that is not likely to be trusted by some clients. But that's hardly the
enticing use of this extension for HTTPS. The interesting use-case is
DANE for HTTPS, with or without WebPKI, and having a method of possibly
deploying this. By "possibly" I mean "incremental".)

> To recap, there are two potential reasons why one might want this
> technology:
>
> [...]

You're not being serious. You're rationalizing the document as-is.

Nico