We've had a couple of conference calls to discuss the I-D. One call ended up causing the consensus on the I-D to collapse.
The second call ended too soon, but it was not unproductive. Indeed, I think at that call and in the subsequent off-list threads we identified the concerns with pinning: - footgun concerns - hostile abuse concerns Now, I believe we have demonstrated that there is no footgun: whenever you can set the pin, you can also clear the pin. At worst one might first upgrade a server to gain support for the extension, set a pin, then downgrade for some reason and thus footgun -- but the fix is to upgrade again, or not set the pin immediately upon upgrade. We also have a mitigation for upgrade-set-pin-downgrade case (exponential scaling of the pin timer with age of the RFC). The second concern is, IMO, a non-concern, but granting for argument's sake that it might be anyways, our answer to it is that sufficiently far into the future the victim's server will support the extension, thus it will be able to clear a hostile pin, therefore the exponential pin timer scaling idea will give servers time to gain support for the extension before anyone could ever make hostile use of the pin. I believe we have put away those two concerns. If we have not, please say so and explain such that we might (or that we might see the errors of our ways). Are there any other reasons not to accept the proposed pinning scheme? If no one can state any such reasons, why shouldn't we just accept the proposal? Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
