On Sat, Apr 28, 2018 at 3:01 PM, Paul Wouters <p...@nohats.ca> wrote:

> On Sat, 28 Apr 2018, Shumon Huque wrote:
>
> [ not going to repeat my technical arguments here, just going to comment
> on process ]
>
>> First, there is no agreement that your reason for doing pinning,
>> i.e. that DANE needs downgrade resistance against PKIX attacks
>> is even valid.
>>
>
> This is incorrect. From the replies to the consensus call on the list,
> it actually weighs in favour of _some_ kind of downgrade resistance.
>

This isn't clear to me at all. What I observe is that some folks who don't
want pinning in the draft are okay with it being an optional separate
extension (which they can ignore, but others that want it can implement).

Sadly, only a handful of people are actually participating on the list.
What you are ignoring is the many people who spoke up in person at
IETF/London against pinning. Most of those folks are not speaking up
on list now. So if we do put the pinning field in this draft, what I suspect
will happen is that it will be discussed at some future IETF TLS WG
meeting, and will be shot down, and we'll be back to square one again,
and this draft will never make progress.

Thus my pragmatic side is encouraging going in the direction of the
new extension, which I believe has more chance of success.

Shumon.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
