Hi all, I'm reviewing draft-ietf-dprive-xfr-over-tls for this week's IESG telechat, and in https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls-11#appendix-A.3 it seems to suggest that a TLS server might only choose to allow connections that include a specific (secret-ish) SNI value. Given that the "as above" listed "con" seems to indicate that there are no relevant implementations of this functionality, I plan to push back on its inclusion in the document; a PSK mode (with cert, per RFC 8773) would seem to be universally superior.
Am I correct to do so? Do we know of any cases where the SNI value is being (ab)used as an authorization token in this manner?

Thanks,
Ben
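The point underlying the question above is that the SNI value travels in the ClientHello, which is sent in cleartext (Encrypted Client Hello aside), so it is visible to any on-path observer and cannot carry a secret. The following is an added illustration, not code from the draft or from the message above: it constructs a minimal ClientHello record carrying a server_name extension and then recovers that name from the raw record bytes the way a passive observer would. The host name `secret-token.example` is a constructed placeholder.

```python
import struct
from typing import Optional


def _u16(n: int) -> bytes:
    return struct.pack("!H", n)


def _u24(n: int) -> bytes:
    return struct.pack("!I", n)[1:]


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS ClientHello record (constructed example, not a real client).

    Uses the legacy TLS 1.2 framing that TLS 1.3 keeps on the wire; the random
    field is zeroed here only to keep the example deterministic.
    """
    name = server_name.encode("ascii")
    # ServerNameList: one entry of name_type host_name (0)
    server_name_list = b"\x00" + _u16(len(name)) + name
    sni_ext_data = _u16(len(server_name_list)) + server_name_list
    ext = _u16(0x0000) + _u16(len(sni_ext_data)) + sni_ext_data  # type 0 = server_name
    extensions = _u16(len(ext)) + ext
    body = (
        b"\x03\x03"            # legacy_version
        + bytes(32)            # random (zeros, constructed)
        + b"\x00"              # legacy_session_id: empty
        + _u16(2) + b"\x13\x01"  # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"          # compression_methods: null
        + extensions
    )
    handshake = b"\x01" + _u24(len(body)) + body          # HandshakeType client_hello
    return b"\x16\x03\x01" + _u16(len(handshake)) + handshake  # ContentType handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Parse the server_name from a raw ClientHello record, as a passive observer could.

    Returns None if the bytes are not a ClientHello or carry no host_name entry.
    """
    if len(record) < 9 or record[0] != 0x16:
        return None
    hs = record[5:]
    if hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                   # skip legacy_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                             # skip legacy_session_id
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2 + cs_len                              # skip cipher_suites
    cm_len = body[pos]
    pos += 1 + cm_len                              # skip compression_methods
    if pos + 2 > len(body):
        return None                                # no extensions block
    ext_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype = int.from_bytes(body[pos:pos + 2], "big")
        elen = int.from_bytes(body[pos + 2:pos + 4], "big")
        edata = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype != 0:
            continue
        list_len = int.from_bytes(edata[0:2], "big")
        q = 2
        while q + 3 <= 2 + list_len:
            ntype = edata[q]
            nlen = int.from_bytes(edata[q + 1:q + 3], "big")
            name = edata[q + 3:q + 3 + nlen]
            q += 3 + nlen
            if ntype == 0:
                return name.decode("ascii")
    return None


def name_is_in_cleartext(record: bytes, server_name: str) -> bool:
    """True when the literal host name bytes appear unencrypted in the record."""
    return server_name.encode("ascii") in record


if __name__ == "__main__":
    rec = build_client_hello("secret-token.example")
    print("on-wire bytes:", rec.hex())
    print("observer sees SNI:", extract_sni(rec))
```

Because the value is recoverable from the first flight of the handshake with no key material, gating access on it gives no protection against anyone who can observe the client's traffic; a PSK is different in kind, since the ClientHello carries only the identity and a binder that proves possession of the key, never the key itself.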