Re: [TLS] TLS DNSSEC chain consensus text, please speak up...
Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 16 May 2018 04:22 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KlumZwfjHdDLNEFTF2GMOae02Gs>

> On May 16, 2018, at 12:08 AM, Melinda Shore <melinda.shore@nomountain.net> wrote:
>
> At any rate this is starting to feel like abuse of process.

I was simply following a security AD's suggestion from today's earlier thread with the AD's authors and chairs:

> Therefore, if you want to make that change, you need to persuade the WG.

I still think that the WG has not had a chance to fully consider the specific issue of reserving the two bytes as part of the present remediation to remove the unwanted (by anyone of us) unilateral client-side pinning.

The proposal is conservative, and does not contradict the consensus to remove pinning for now. It just leaves the door open going forward, at negligible cost (two bytes on the wire in bandwidth, and zero in implementation).

Therefore, based on the above advice, I am giving the WG the benefit of the doubt.

--
Viktor.