On Thu, Apr 5, 2018 at 2:06 AM, Paul Wouters <p...@nohats.ca> wrote:

> On Wed, 4 Apr 2018, Eric Rescorla wrote:
>
>> 1. Assertive: To avoid having to engage with the WebPKI (e.g., because it's
>> a pain). This rationale was stronger back before Let's Encrypt, but
>> I suppose some people may still feel that way.
>>
>> 2. Restrictive: To protect yourself from compromise of the WebPKI.
>>
>> Yes, if your motivation is #2, then the flow you suggest is a real problem,
>> but it's not a problem for #1. While not an author of this document, I'd
>> understood its primary motivation to be #1, and that's what Richard's
>> earlier notes have said as well.
>
> The primary use case of the author's is not relevant. The document is a
> working group document, and people who have contributed to this document
> from the start also have valid use cases.

Of course. I'm merely responding here to the claim that the document is
useless as-is.

-Ekr

> For example, I proposed to use the DNS wire format early on and the WG
> made that change. My use case was never to create a "DANE or WebPKI is
> enough" security model, as I do not think that model helps anyone.
>
> Paul
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls