> On May 17, 2018, at 1:31 AM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>
>> And again, nobody has said that they intend to implement the proposed
>> mechanism - indeed, when asked, people have said that they won't.
>
> Doesn't that resolve the issue then? If no-one's going to implement it
> then it doesn't matter how many bits you use. Make it one bit, 128 bits,
> -1 bits, e^i{pi} bits, it won't matter.

The claim that nobody's going to implement is an expression of frustration, undoubtedly earned, but not a statement of fact. While no major browser is champing at the bit to adopt this extension, we will be making a more modest start in other areas in the not too distant future.

DANE for MTA-to-MTA did not happen until ~2 years after the ink was dry on RFC6698. And yet today we have 209k domains and growing with DANE TLSA records for their mail server, support for the spec in Postfix, Exim, Halon, MailChannels, Cisco ESA (formerly Ironport) has DANE support in beta, .... Some things take time.

Here, the objective is to not close the door on the original scope of the document by limiting the design to just the use-case of its initial application.

-- Viktor.