On Wed, 4 Jul 2018, Eric Rescorla wrote:
> > > Do we have a count of major implementors who say they will do so?
> >
> > Well, what is a "major implementation"?
>
> Well, we could start with "what implementations are going to do this"?
[postfix and openssl apparently not big enough]
It would be nice to hear from those maintainers, as well as from some of the bigger email senders (e.g., GMail, Yahoo Mail, etc.)
This is not a valid direction for this technical discussion, and goes pretty directly against the Tao of the IETF. But if you want to go that way, here is my proposed question to those providers:

Do you object to your company's product needing to send two additional zero bytes in a TLS handshake if/when you support DANE stapling in TLS in the case that you do NOT want to be protected from downgrade attacks so that other entities that DO want to support downgrade protection can do so without creating yet another mostly duplicate internet standard that comes with its own delay in deployment?

I am fine with people believing they do not need downgrade protection, although in my experience most downgrade possibilities end up getting abused at some point for malicious purposes. But it would be great if those people could reciprocate that freedom of choice to those that do want downgrade protection so they can make actual security decisions based on this standard.

Thank you,

Paul

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls