On 22/07/2024 09:57, Mike Shaver wrote:
> I’m not informed enough to comment on the protocol elements of the
> specific Trust Anchor proposal, but I agree that more PKI agility will
> be healthy.
>
> Fundamentally, the TLS implementation community will be pushing this
> agility into endpoints by default, which means that it would take
> active divergence by a system implementor to create the sort of TBTF
> systems that impede trust changes today.
I would like to hear from the authors (or others in the TLS
implementation community) if they think Trust Expressions / Trust
Anchors can be pushed into non-browser endpoints by default and the work
they think would be required to achieve it?
I think I see how, with substantial investment, an application like a
browser could adopt these designs. I'm not sure I can see a TLS library
ever being able to offer it by default.
Best,
Dennis
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org