> On Apr 19, 2018, at 2:54 PM, Salz, Rich <[email protected]> wrote:
>
> David has pointed out valid use-cases. I think most use-cases will "just
> work." We should document the known sharp edges.
I am pointing out valid use-cases that David has not taken into account, and
conformance ratchets have cost/benefit trade-offs, and are fair game for
discussion. Ad hominem responses are entirely inappropriate, and an apology is
due.
David has done lots of good work, but we're all human, and the SNI ratchet is
problematic for at least SMTP. It can legitimately be argued to be a poor
tradeoff.
Even in HTTP where the client ought to send SNI, if it does not, but would
accept the default certificate (with e.g. TLS 1.2), the rationale for
deliberately unusable certificates with TLS 1.3 does not look compelling,
especially given the privacy leaks with SNI.
--
Viktor.
_______________________________________________
openssl-project mailing list
[email protected]
https://mta.openssl.org/mailman/listinfo/openssl-project