On Thu, Jul 05, 2018 at 12:31:02PM +1000, Martin Thomson wrote:

> On Tue, Jun 26, 2018 at 2:21 PM Joseph Salowey <j...@salowey.net> wrote:
> > 1. Do you support the working group taking on future work on a pinning
> > mechanism (based on the modifications or another approach)?
>
> I don't think that pinning is a good idea. We've experience that
> suggests that it's more of a footgun than a useful mechanism. That
> isn't to say that there isn't a domain where it makes sense.

Did you oppose MTA-STS? The proposed "pinning" is very much like a
simpler form of MTA-STS, and nothing unlike HPKP.

Perhaps it would be much less confusing if we stopped calling it
"pinning" (which seems to be a traumatic memory trigger for the
HTTP community). We can call this "strict TLS DANE chain" or some
such, which is a much better analogy in any case.

-- 
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls