[TLS] Protocol Action: 'A DANE Record and DNSSEC Authentication Chain Extension for TLS' to Proposed Standard (draft-ietf-tls-dnssec-chain-extension-07.txt)

The IESG has approved the following document: - 'A DANE Record and DNSSEC Authentication Chain Extension for TLS' (draft-ietf-tls-dnssec-chain-extension-07.txt) as Proposed Standard This document is the product of the Transport Layer Security Working Group. The IESG contact persons are

[TLS] Alexey Melnikov's Yes on draft-ietf-tls-dnssec-chain-extension-07: (with COMMENT)

Alexey Melnikov has entered the following ballot position for draft-ietf-tls-dnssec-chain-extension-07: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please

[TLS] I-D Action: draft-ietf-tls-dnssec-chain-extension-07.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF. Title : A DANE Record and DNSSEC Authentication Chain Extension for TLS Authors : Melinda Shore

Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

On Tuesday, 20 March 2018 22:21:06 CET Eric Rescorla wrote: > On Tue, Mar 20, 2018 at 7:42 PM, Hubert Kario wrote: > > On Monday, 19 March 2018 14:38:05 CET Eric Rescorla wrote: > > > On Mon, Mar 19, 2018 at 1:33 PM, Nikos Mavrogiannopoulos < > > > > n...@redhat.com> > > > >

[TLS] Certificate-based Authentication with External PSK

Apologies to Russ, but we ran out of time today during the session. Here’s a link to presentation that got bumped: https://datatracker.ietf.org/doc/slides-101-tls-sessa-certificate-based-authentication-with-external-psk/ spt ___ TLS mailing list

Re: [TLS] proposed text for draft-ietf-tls-dnssec-chain-extension-06

Speaking as an individual, as I said in the meeting, I don't think this is a helpful change. -Ekr On Wed, Mar 21, 2018 at 1:05 PM, Paul Wouters wrote: > > I think the below change would address my issue, without stepping on the > things people brought up today (other then

[TLS] proposed text for draft-ietf-tls-dnssec-chain-extension-06

I think the below change would address my issue, without stepping on the things people brought up today (other then suggesting, not mandating, to send proof of non-existence when halting TLSA support in the zone) Paul diff --git a/draft-ietf-tls-dnssec-chain-extension-07.xml

[TLS] Eric Rescorla's No Objection on draft-ietf-tls-dnssec-chain-extension-06: (with COMMENT)

Eric Rescorla has entered the following ballot position for draft-ietf-tls-dnssec-chain-extension-06: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

[TLS] Protocol Action: 'The Transport Layer Security (TLS) Protocol Version 1.3' to Proposed Standard (draft-ietf-tls-tls13-28.txt)

The IESG has approved the following document: - 'The Transport Layer Security (TLS) Protocol Version 1.3' (draft-ietf-tls-tls13-28.txt) as Proposed Standard This document is the product of the Transport Layer Security Working Group. The IESG contact persons are Kathleen Moriarty and Eric

Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

The document has been approved for publication and the outstanding reference will be added in the RFC editor process during Auth48. Thank you all for your work on this protocol. Best regards, Kathleen On Tue, Mar 20, 2018 at 5:21 PM, Eric Rescorla wrote: > > > On Tue, Mar 20,