Hiya,
On 10/11/2020 03:44, Joseph Salowey wrote:
> Based on interest and support expressed at IETF 108, this email starts the call for adoption of draft-vvv-tls-cross-sni-resumption. The draft can be found here:
>
> https://tools.ietf.org/html/draft-vvv-tls-cross-sni-resumption-00
>
> This adoption call will run until November 30, 2020. Please indicate whether or not you would like to see this draft adopted.

I'd be more in the "not yet" bracket for this. As Martin mentions, this'd seem to create a possibly attractive way to do more tracking, so I think we ought try to understand how that might fit into the wider set of new things (e.g. the HTTPS RRtype) before adopting.

One concern is that this mechanism plus some minimal cert trickery such as having a single name present in many certs could result in large scale cross domain tracking if say the owner of "use-us-to-track-em.example.com" enabled anyone in their (advertising) network to pass ACME checks as needed, for that name. While that kind of trickery ought be visible via CT, I'm not sure we could depend on the web PKI to ensure it'd not happen.

Cheers,
S.

> Note that this is an adoption call for the draft as a starting point towards solving the problem of resumption across SNI values. The final mechanism may certainly change depending on related efforts, e.g., draft-ietf-tls-tlsflags.
>
> Thanks,
> Sean, Chris and Joe
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
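As an added illustration of the CT visibility mentioned in the message above (not part of the original email or of the draft): a sketch that scans certificate SAN lists, as might be extracted from CT log entries, for a single name that recurs in many certificates alongside otherwise unrelated sites. The sample entries, the thresholds and the two-label `site_of` heuristic are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample: (certificate id, SAN dNSNames) as might be extracted from
# CT log entries. Every id and name here is made up for illustration.
SAMPLE_CT_ENTRIES = [
    ("cert-01", ["shop-a.example", "use-us-to-track-em.example.com"]),
    ("cert-02", ["news-b.example", "www.news-b.example",
                 "use-us-to-track-em.example.com"]),
    ("cert-03", ["blog-c.example", "use-us-to-track-em.example.com"]),
    ("cert-04", ["forum-d.example", "USE-US-TO-TRACK-EM.example.com."]),
    ("cert-05", ["solo-e.example", "www.solo-e.example"]),
    ("cert-06", ["solo-e.example", "www.solo-e.example"]),  # renewal
    # One multi-tenant certificate: many sites, but only a single cert.
    ("cert-07", ["one-f.example", "two-g.example", "three-h.example"]),
]


def normalise(name):
    """Lower-case, drop a trailing dot and a leading wildcard label."""
    return name.lower().rstrip(".").removeprefix("*.")


def site_of(name):
    """Crude registrable domain: the last two labels. Assumption made to stay
    offline; real code should consult the Public Suffix List."""
    return ".".join(normalise(name).split(".")[-2:])


def shared_names(entries, min_certs=3, min_sites=3):
    """Map each name found in >= min_certs certificates that together cover
    >= min_sites other sites to (certificate count, sorted other sites)."""
    certs = defaultdict(set)    # name -> ids of certificates listing it
    others = defaultdict(set)   # name -> other sites it was certified with
    for cert_id, sans in entries:
        names = {normalise(n) for n in sans}
        sites = {site_of(n) for n in names}
        for name in names:
            certs[name].add(cert_id)
            others[name] |= sites - {site_of(name)}
    return {
        name: (len(certs[name]), sorted(others[name]))
        for name in certs
        if len(certs[name]) >= min_certs and len(others[name]) >= min_sites
    }


if __name__ == "__main__":
    for name, (count, sites) in shared_names(SAMPLE_CT_ENTRIES).items():
        print(f"{name}: {count} certs alongside {len(sites)} other sites: {sites}")
```

Names flagged this way are candidates for review only: shared hosting and CDN certificates can produce the same co-occurrence pattern for benign reasons.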