On Thu, Apr 26, 2018 at 11:53:29AM -0400, Viktor Dukhovni wrote: > Of course given evermore sophisticated BGP attacks: > > https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/ > > you might actually want to consider DNSSEC, implement it properly > and monitor, and the bricking won't happen.
Good point! DNSSEC is the only defense against such attacks at this point. Pinning this extension sure seems like a desirable thing in that context! We're not asking for pinning _now_ because as the WG chair says there is no consensus to add pinning _now_. We're only trying to make it *easier* to add it _later_. Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
