> I think we had a long enough discussion time about this so everybody who has
> an opinion

Ok, agreed. I'm okay with the proposed change you sent to Rob!

> And again, this thread is just for the RFC8995 Register/MASA section Errata.

Good; some of the thread seemed to imply the Pledge would send SNI but that was only suggested for the Cloud-Registrar case then, probably.

Small addendum: Even if RFC 6066 would allow IP literals in a SNI (which it doesn't), then it still could not be used by a Pledge. Reason is that a Pledge would discover only the IP literal of a Proxy and not the one of the Registrar. So the Registrar would receive SNI with an incorrect IP address in it in that hypothetical case. So it wouldn't work anyway.

Esko

-----Original Message-----
From: Toerless Eckert <[email protected]>
Sent: Thursday, February 15, 2024 17:52
To: Esko Dijk <[email protected]>
Cc: Michael Richardson <[email protected]>; [email protected]; [email protected]
Subject: Re: [Anima] Errata 6642: Re: Registrar to MASA connections: SNI required

Trying to find better rules for the process without success, so I think that it's up to Rob to determine whether he wants additional input from the WG or simply accept/reject the proposed text change based on his own evaluation.

I think we had a long enough discussion time about this so everybody who has an opinion did have a chance to chime in.

And again, this thread is just for the RFC8995 Register/MASA section Errata. The discussion about my github request in BRSKI cloud Pledge->Registrar is independent. Sending of SNI is an application choice as explained in TLS 1.3 (probably also in RFC6066), so it really needs to be decided by each application function, although it seems as if the rule of thumb is to always send it as long as the TLS responder is known by DNS hostname. But it seems neither RFC6066 nor TLS 1.3 make this a rule.

Cheers
Toerless

On Thu, Feb 15, 2024 at 12:54:19PM +0000, Esko Dijk wrote:
> Shouldn't the ANIMA WG also agree on a new text or a new concept for an
> erratum?
> And who are "all parties"? For me this is just too vague.
>
> Esko
>
> -----Original Message-----
> From: Anima <[email protected]> On Behalf Of Michael Richardson
> Sent: Wednesday, February 14, 2024 19:54
> To: Toerless Eckert <[email protected]>
> Cc: [email protected]; [email protected]
> Subject: Re: [Anima] Errata 6642: Re: Registrar to MASA connections: SNI
> required
>
>
> Toerless Eckert <[email protected]> wrote:
> >> I'm fine with this. But, since it's hold for document update, we
> >> don't have to wordsmith it now, as long as we get across the right
> >> idea in the patch.
>
> > Well, my understanding is that Rob simply wants a replacement text for
> > the Errata that we both agree on so he can update the Errata with it.
>
> All of the text you have proposed is fine with me in the end.
> Short of it: all parties always send SNI.
>
> (Registrar must often ignore SNI upon receipt)
>
> --
> Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>

--
---
[email protected]
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
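
An added example, not part of the thread and not text from RFC 8995 or the erratum: one way a TLS client such as a Registrar could derive the SNI value for a MASA URL under the RFC 6066 constraints discussed above (a DNS hostname is sent, an IP literal never is). The function name and the sample URLs in the comments and tests are made up for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def sni_for_url(url):
    """Return the RFC 6066 host_name to send for `url`, or None.

    None means the URL names the server by IP literal, so the
    ClientHello must carry no server_name extension at all.
    (Hypothetical helper, written for this example.)
    """
    # urlsplit() lowercases the host and strips IPv6 brackets and the port.
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("no host component in URL: %r" % (url,))

    # IPv4 and IPv6 literals are not permitted in the SNI host_name.
    try:
        ipaddress.ip_address(host)
        return None
    except ValueError:
        pass  # not an IP literal, treat it as a DNS name

    # RFC 6066: fully qualified DNS name, without a trailing dot,
    # in ASCII form (A-labels for internationalized names).
    return host.rstrip(".").encode("idna").decode("ascii")


if __name__ == "__main__":
    # Constructed sample URLs: a MASA known by DNS name, and the kind of
    # link-local proxy address a Pledge would have discovered.
    for sample in (
        "https://MASA.Example.com./.well-known/brski/requestvoucher",
        "https://[fe80::1234]:8443/.well-known/brski/requestvoucher",
    ):
        print(sample, "->", sni_for_url(sample))
```

With Python's `ssl` module the returned value would be passed as `server_hostname` to `SSLContext.wrap_socket()`; when it is `None`, hostname checking has to be handled by the caller's own certificate validation.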
