I realize I'm not following the TLS working group. I was asked to
review this issue by someone who was confused and hurt by the current
process and was asking for a less involved opinion. Since I took the
trouble to review the document, to review a good chunk of the current
list discussion, I de
Hi Tony,
Thanks for forwarding these.
I haven't had time to give them a thorough review, but on a quick skim I
notice that this seems to be based on TLS 1.2 and to use a bunch of
algorithms we are trying to deprecate (e.g., CBC). Is there a reason not to
start with TLS 1.3 and more modern algorit
On Fri, Apr 13, 2018 at 9:19 AM, Tony Rutkowski <
trutkowski.netma...@gmail.com> wrote:
> Good observation. When the work started, 1.3 was a work in progress and
> the rapporteurs wanted to move forward with an initial test of concept
> based on considerable published work out there. In addition,
On Thu, Apr 12, 2018 at 04:40:25AM -0400, Paul Wouters wrote:
> On Wed, 11 Apr 2018, Benjamin Kaduk wrote:
>
> >I don't really agree with that characterization. To state my understanding,
> >as responsible AD, of the status of this document: this document is in the
> >RFC Editor's queue being pro
Hey Tony,
Thanks for the comments. Hopefully we can adapt this document to tick more
boxes for you :) Since I had noticed some other errors in the document
(e.g., figures not rendering properly), I went ahead and submitted a new
version that takes these comments into account.
https://tools.ietf
I haven't been following this WG closely but read the draft and
discussion to see what this was all about, so here's an opinion from a
somewhat external reviewer, not in the room in London:
On 4/4/18 10:50 AM, Joseph Salowey wrote:
> Hi Folks,
>
> Some objections were raised late during the review
On Thu, Apr 12, 2018 at 09:51:12PM -0700, Eric Rescorla wrote:
> On Thu, Apr 12, 2018 at 9:40 PM, Viktor Dukhovni
> wrote:
> > > On Apr 13, 2018, at 12:07 AM, Melinda Shore <
> > melinda.sh...@nomountain.net> wrote:
> > >
> > > I'm okay with putting denial-of-existence in there as a should,
> > >
On Thu, Apr 12, 2018 at 04:10:27PM -0700, Eric Rescorla wrote:
> On Thu, Apr 12, 2018 at 4:06 PM, Viktor Dukhovni
> wrote:
> > Proposed text:
> >
> >When the server has DNSSEC-signed TLSA records, the first RRset in
> >the chain MUST contain the TLSA record set being presented.
> >Howe
On Fri, Apr 13, 2018 at 4:30 PM, Nico Williams
wrote:
> On Thu, Apr 12, 2018 at 04:10:27PM -0700, Eric Rescorla wrote:
> > On Thu, Apr 12, 2018 at 4:06 PM, Viktor Dukhovni
> > wrote:
> > > Proposed text:
> > >
> > >When the server has DNSSEC-signed TLSA records, the first RRset in
> > >