On 11/07/2023 15:48, Thom Wiggers wrote:
> I enjoyed reading this draft. I think it is well-written. Aside from some to-be-figured-out details that have already been pointed out, it seems very practical, which is rather nice.
Thanks!
> The one thing that makes me frown a bit is the intended versioning scheme. I don't think consuming identifiers is a problem, but perhaps we can pre-define the code points and variables for the next, say, N=0xff years? Then the versioning mechanism is set for the foreseeable future.
I like the reduction of bookkeeping but I think we would need to work out which parts of the construction to make dynamic with an IANA registry. I wouldn't want to 'permanently' encode the root programs, CT trusted log lists or end entity compressed extensions for example.
I don't really have a sense of what the idiomatic IETF solution is for this problem, so I settled for what seemed like the least-commitment method in the draft.
> (You could even say that we wrap the code points after N years).
I don't know whether there'll be interest in using this scheme outside TLS (e.g. reducing storage / bandwidth costs in CT) but if there is then we'll probably want identifiers which are unambiguous over long timescales.
Best,
Dennis

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls