On 4/16/18 at 9:31 AM, n...@cryptonector.com (Nico Williams) wrote:
> I wouldn't mind a (C'): a variant of (C) where we get denial of
> existence and a one- or two-byte TTL (one by count of weeks or two-byte
> count of hours) with de minimis text about it, leaving pinning semantics
> to a separate document. In such a (C') we'd elide all pinning (or most*)
> in this document.
I have always worried about the trust model in PKIX, and thought
that some form of pinning would be an excellent enhancement --
modeling how individuals work in the real world:

    Alice, I'd like you to meet Bob. He is an expert in... (Alice
    learns Bob's voice pattern.)

    Bob, this is Alice, I'd like you to... (Alice recognizes
    Bob's voice in the reply.)
I strongly support C or C' as the best way forward, allowing a
future RFC to address the pinning details. Viktor has some good
suggestions as well.
Note: I have not been involved in any face-to-face meetings or hums.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz        | When it comes to the world     | Periwinkle
(408)356-8506      | around us, is there any choice | 16345 Englewood Ave
www.pwpconsult.com | but to explore? - Lisa Randall | Los Gatos, CA 95032
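As an added illustration of the compact TTL field Nico sketches in the quoted text (a one-byte count of weeks versus a two-byte count of hours), the following Python is example code written for this page; it is not code from the post, from the draft under discussion, or from any implementation. The field widths come from the quote; every function name, the `ChainCache` helper and the sample values are assumptions of mine. The point it makes for a defender is that the server must round the DNS TTL down when compressing it, and a client must treat a zero field as "do not cache", so a cached chain never outlives what DNS itself would permit.

```python
# Added example (not from the mailing-list post or the draft): encode a DNS
# TTL into a compact on-the-wire field and cache a chain for no longer than
# that field allows. Two encodings are compared, as in the quoted message:
#   1 byte counting weeks, or 2 bytes counting hours.

SECONDS_PER_HOUR = 3600
SECONDS_PER_WEEK = 7 * 24 * SECONDS_PER_HOUR


def encode_ttl(ttl_seconds: int, unit_seconds: int, width: int) -> bytes:
    """Compress a DNS TTL in seconds into `width` big-endian bytes of `unit_seconds`.

    Rounds DOWN (floor) so the compressed value never exceeds the DNS TTL,
    and clamps to the largest count the field can hold.
    """
    if ttl_seconds < 0:
        raise ValueError("TTL must be non-negative")
    count = ttl_seconds // unit_seconds          # floor: never extend the lifetime
    count = min(count, (1 << (8 * width)) - 1)   # clamp to the field's maximum
    return count.to_bytes(width, "big")


def decode_ttl(field: bytes, unit_seconds: int) -> int:
    """Inverse of encode_ttl: field bytes back to a TTL in seconds."""
    return int.from_bytes(field, "big") * unit_seconds


def encode_weeks(ttl_seconds: int) -> bytes:
    """One-byte variant: count of whole weeks (0..255)."""
    return encode_ttl(ttl_seconds, SECONDS_PER_WEEK, 1)


def encode_hours(ttl_seconds: int) -> bytes:
    """Two-byte variant: count of whole hours (0..65535)."""
    return encode_ttl(ttl_seconds, SECONDS_PER_HOUR, 2)


class ChainCache:
    """Hypothetical client-side cache keyed by name, honouring the compact TTL.

    A zero TTL field means the chain is not stored at all; an entry whose
    expiry time has been reached is treated as absent.
    """

    def __init__(self) -> None:
        self._entries: dict[str, tuple[bytes, int]] = {}

    def put(self, name: str, chain: bytes, field: bytes, unit_seconds: int, now: int) -> bool:
        ttl = decode_ttl(field, unit_seconds)
        if ttl == 0:
            self._entries.pop(name, None)   # rounded to nothing: do not cache
            return False
        self._entries[name] = (chain, now + ttl)
        return True

    def get(self, name: str, now: int):
        entry = self._entries.get(name)
        if entry is None:
            return None
        chain, expires_at = entry
        if now >= expires_at:
            del self._entries[name]         # expired: force a fresh fetch
            return None
        return chain


if __name__ == "__main__":
    # Constructed sample: a 6-day DNS TTL fits the hours encoding but
    # collapses to zero weeks, so the one-byte variant would not cache it.
    six_days = 6 * 24 * SECONDS_PER_HOUR
    print("hours field:", encode_hours(six_days).hex())   # 0090 = 144 hours
    print("weeks field:", encode_weeks(six_days).hex())   # 00   = do not cache
```

The contrast in the `__main__` block is the practical cost of the one-byte choice: any DNS TTL shorter than a week rounds down to a zero field and cannot be cached at all, whereas the two-byte hours field keeps sub-week TTLs usable at the price of one extra byte.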
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls