> On May 16, 2018, at 1:34 AM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
>> I would be grateful if you would have a consistent story on this.
>> Clearly, it's not just two bytes, or there wouldn't be a perceived
>> need for them. It's two bytes plus the associated semantics and
>> processing algorithms. In the event that anybody has an interest
>> in implementing something along these lines the offer to work on
>> an extension to support it still stands.
>
> The story is quite consistent. Applications that have no need
> for pinning pay no cost as claimed. Applications that need it,
> can't use the present specification at all, but would be able
> to at the cost of storing the pins, and requiring the extension
> when pinned. Nobody pays an extra cost they could otherwise
> avoid.
Melinda, I'd like to hear whether the above addresses your concern,
or whether there's a remaining issue along these lines that we've
failed to cover. If so, it would be great to spell it out. As
it stands, I think that the issue of additional semantics, costs,
etc. is addressed. The only cost is the two bytes, and there is
no semantic burden in applications that don't already need pinning
to make meaningful use of the extension.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
