It could, but RFC 7469 section 2.6
(https://tools.ietf.org/html/rfc7469#section-2.6) says:

"It is acceptable to allow Pin Validation to be disabled for some Hosts according to local policy. For example, a UA may disable Pin Validation for Pinned Hosts whose validated certificate chain terminates at a user-defined trust anchor, rather than a trust anchor built-in to the UA (or underlying platform)."

and most browsers seem to follow this MITM exception.
Regards,
Roland
On 25.10.2017 at 18:06, Salz, Rich wrote:
> since those other means would be easier and more effective. You have done nothing to suggest otherwise.

Public-key pinning and CT seem like they would prevent those other mechanisms. No?
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
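The local-policy exception quoted above, as an added illustration that is not part of the thread or of any browser's code: a UA-style pin check that matches the SHA-256 of any SubjectPublicKeyInfo in the validated chain against the host's pins, but skips Pin Validation when the chain's trust anchor is user-defined rather than built-in. Certificates are modelled as a minimal dataclass with constructed SPKI bytes; the names `Cert`, `spki_pin` and `pin_validation_passes` are assumptions for this example.

```python
import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate (assumption for this example)."""
    subject: str
    spki_der: bytes  # DER-encoded SubjectPublicKeyInfo; constructed sample bytes below


def spki_pin(cert: Cert) -> str:
    """pin-sha256 value as in RFC 7469: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(cert.spki_der).digest()).decode("ascii")


def pin_validation_passes(chain, pinned_sha256, builtin_anchors, user_anchors):
    """Decide whether an already path-validated chain (leaf first, anchor last)
    satisfies the host's pins. Implements the RFC 7469 sec. 2.6 local-policy
    exception: a chain ending at a user-defined anchor is not pin-validated."""
    anchor = chain[-1]
    if anchor in user_anchors and anchor not in builtin_anchors:
        return True, "pin validation disabled by local policy (user-defined trust anchor)"
    chain_pins = {spki_pin(c) for c in chain}
    if chain_pins & set(pinned_sha256):
        return True, "a pinned SPKI hash matched the validated chain"
    return False, "pin validation failure: no pinned SPKI hash in chain"


# Constructed sample data: opaque byte strings stand in for real DER SPKI blobs.
ROOT_BUILTIN = Cert("Builtin Root CA", b"spki:builtin-root")
ROOT_USER = Cert("Corporate Inspection CA", b"spki:user-added-root")
SITE_LEAF = Cert("example.test", b"spki:site-leaf")
MITM_LEAF = Cert("example.test", b"spki:mitm-leaf")

BUILTIN_ANCHORS = {ROOT_BUILTIN}
USER_ANCHORS = {ROOT_USER}
# The host pins its leaf SPKI plus a backup pin, as HPKP required.
HOST_PINS = [spki_pin(SITE_LEAF), spki_pin(Cert("backup", b"spki:backup-key"))]


def check_genuine():
    return pin_validation_passes([SITE_LEAF, ROOT_BUILTIN], HOST_PINS, BUILTIN_ANCHORS, USER_ANCHORS)


def check_builtin_mitm():
    # Chain from a built-in root that does not carry a pinned key: must fail.
    return pin_validation_passes([MITM_LEAF, ROOT_BUILTIN], HOST_PINS, BUILTIN_ANCHORS, USER_ANCHORS)


def check_user_anchor():
    # Same unpinned key, but the chain ends at a user-installed anchor: exception applies.
    return pin_validation_passes([MITM_LEAF, ROOT_USER], HOST_PINS, BUILTIN_ANCHORS, USER_ANCHORS)
```

The third case is exactly the behaviour the thread discusses: a locally installed anchor is honoured by design, so pinning does not detect interception that the user (or their administrator) has authorised.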