[TLS] Trusted CA Keys

Henrick Hellström <henrick@streamsec.se> Wed, 10 December 2014 10:33 UTC

Message-ID: <5488214D.8020504@streamsec.se>
Date: Wed, 10 Dec 2014 11:32:45 +0100
From: Henrick Hellström <henrick@streamsec.se>
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/lOr9Xf15uQPjDTwkXkAv38VWhJU

Is anyone using the trusted_ca_keys(3) extension for any kind of public 

The security considerations seem a bit discouraging and almost invite usage of the extension for putting confidential proprietary identifiers in the cert_sha1_hash field.
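As an added illustration, not part of Henrick's message and not code from any TLS implementation, the decoder below follows the TrustedAuthorities wire format of RFC 6066 section 6 for extension type 3 (trusted_ca_keys) and then lists the cert_sha1_hash values a server cannot recompute from the CA certificates it actually holds, which is the only way to tell a genuine hash from an arbitrary 20-byte identifier. The placeholder certificate bytes and the sample extension body are constructed for the example.

```python
import hashlib
import struct

# IdentifierType values from RFC 6066, section 6 (trusted_ca_keys extension)
PRE_AGREED, KEY_SHA1_HASH, X509_NAME, CERT_SHA1_HASH = 0, 1, 2, 3

def parse_trusted_authorities(body):
    """Decode a trusted_ca_keys extension body into a list of (type, value)."""
    if len(body) < 2 or len(body) != 2 + struct.unpack("!H", body[:2])[0]:
        raise ValueError("bad trusted_authorities_list length")
    data, pos, entries = body[2:], 0, []
    while pos < len(data):
        id_type, pos = data[pos], pos + 1
        if id_type == PRE_AGREED:                         # identifier is an empty struct
            value = b""
        elif id_type in (KEY_SHA1_HASH, CERT_SHA1_HASH):  # fixed 20-byte SHA1Hash
            value, pos = data[pos:pos + 20], pos + 20
            if len(value) != 20:
                raise ValueError("truncated SHA1Hash")
        elif id_type == X509_NAME:                        # DistinguishedName<1..2^16-1>
            n = int.from_bytes(data[pos:pos + 2], "big")
            value, pos = data[pos + 2:pos + 2 + n], pos + 2 + n
            if n == 0 or len(value) != n:
                raise ValueError("bad DistinguishedName length")
        else:
            raise ValueError("unknown IdentifierType %d" % id_type)
        entries.append((id_type, value))
    return entries

def build_trusted_authorities(entries):
    """Encode (type, value) pairs back into an extension body."""
    data = b"".join(bytes([t]) + (struct.pack("!H", len(v)) if t == X509_NAME else b"") + v
                    for t, v in entries)
    return struct.pack("!H", len(data)) + data

def unverifiable_cert_hashes(entries, known_ca_certs_der):
    """cert_sha1_hash values that match no CA certificate the server holds."""
    # Any 20 bytes look like a hash; only values we can recompute are confirmed as one.
    known = {hashlib.sha1(der).digest() for der in known_ca_certs_der}
    return [v for t, v in entries if t == CERT_SHA1_HASH and v not in known]

# Constructed sample input: a placeholder stand-in for a CA certificate (not real DER)
SAMPLE_CA_DER = b"constructed-ca-cert-placeholder"
SAMPLE_BODY = build_trusted_authorities([
    (CERT_SHA1_HASH, hashlib.sha1(SAMPLE_CA_DER).digest()),
    (CERT_SHA1_HASH, b"PROPRIETARY-ID-00042"),  # 20 arbitrary bytes, not a known hash
    (PRE_AGREED, b""),
])
```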