Re: [TLS] draft-ietf-tls-dnssec-chain-extensions security considerations

[Viktor Dukhovni <ietf-dane@dukhovni.org>]

> On Jun 26, 2018, at 12:20 AM, Joseph Salowey <joe@salowey.net> wrote:
> 
> Hi Folks,
> 
> There has been some discussion with a small group of folks on github - https://github.com/tlswg/dnssec-chain-extension/pull/19.   I want to make sure there is consensus in the working group to take on the pinning work and see if there is consensus for modifications in the revision.  Please respond to the following questions on the list by July 10, 2018. 
> 
> 1.  Do you support the working group taking on future work on a pinning mechanism (based on the modifications or another approach)?

Yes.

> 2.  Do you support the reserved bytes in the revision for a future pinning mechanism?

Yes, no strong feelings whether it is exactly 2 bytes or an opaque<0..255>
to be defined as part of 1.  With either exactly 2 bytes, or an empty opaque,
the server signals that its operator does not (yet?) support unilateral
client-side pinning.  No to turning this into an extension block.

> 3.  Do you support the proof of denial of existence text in the revision?

Yes, with minor error corrections, where appropriate (perhaps
after the next I-D revision, easier perhaps to read a complete
snapshot than a pull request, and tools.ietf.org can also show
diffs).

> 4.  Do you support the new and improved security considerations?

Yes.  We can word-smith any minor blemishes when the next I-D
version comes out.

-- 
	Viktor.