On Thu, Apr 12, 2018 at 4:14 PM, Viktor Dukhovni <ietf-d...@dukhovni.org>
wrote:

>
>
> > On Apr 12, 2018, at 7:10 PM, Eric Rescorla <e...@rtfm.com> wrote:
> >
> > The difficulty here is what the server knows about the clients' behavior.
> > Specifically, if the server serves TLSA records and then ceases doing so
> > without serving authenticated denial of existence, then it is unable to
> > determine if this would cause clients to fail because it doesn't know if
> > the client implements the text in the final paragraph. One could argue
> > that current clients could pin, but that's totally extratextual, as
> > opposed to having a noninteroperable behavior in the document.
>
> How exactly does telling the client the truth (conveying correct
> DNS state about the TLSA records) harm interoperability???
>
> Please explain the scenario in which something now fails???
>

I already did this in my previous email, but I'll try again.

In the current document, there is no expectation that clients will pin the
server's use of TLSA and therefore the server can safely stop using
TLSA (or run a mixed server farm). However, because this text implies
that the client *could* pin, in order to ensure interoperability the server
would have to provide authenticated denial at the risk of connection
failure with such clients. However the text also does not require that
the server do so. Thus, a conformant client and a conformant server
can fail if the server just stops using TLSA.

-Ekr


> --
>         Viktor.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
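The failure mode Ekr describes above (a client that pins the server's use of the DNSSEC chain extension, against a server that later stops sending TLSA data without an authenticated denial of existence) can be made concrete with a small model. This is an added illustration, not code from the draft or from either poster; the client pinning rule (pin on a validated TLSA chain, release the pin on an authenticated denial, abort on a bare omission) is an assumption made for the model, and the round-robin "mixed farm" is a constructed scenario.

```python
"""Model of client pinning vs. server TLSA behaviour (added example, assumptions noted)."""
from dataclasses import dataclass, field
from enum import Enum, auto
from itertools import cycle, islice


class Response(Enum):
    # Extension present, chain validates and ends in TLSA records.
    TLSA_CHAIN = auto()
    # Extension present, chain carries NSEC/NSEC3 proof that no TLSA record exists.
    AUTHENTICATED_DENIAL = auto()
    # Server omits the extension entirely (e.g. it simply stopped serving TLSA).
    NO_EXTENSION = auto()


@dataclass
class Client:
    """A TLS client; `pins` is True for a client implementing the pinning text."""
    pins: bool
    pinned: set = field(default_factory=set)

    def connect(self, host: str, response: Response) -> bool:
        """Return True if the handshake completes, False if the client aborts.

        Assumed pinning semantics (not taken from the draft):
          * a validated TLSA chain pins the host,
          * an authenticated denial is accepted and releases the pin
            (correct DNS state: there are no TLSA records, fall back to PKIX),
          * a bare omission while pinned is treated as a downgrade and aborts.
        """
        if response is Response.TLSA_CHAIN:
            if self.pins:
                self.pinned.add(host)
            return True
        if response is Response.AUTHENTICATED_DENIAL:
            self.pinned.discard(host)
            return True
        # Response.NO_EXTENSION
        if self.pins and host in self.pinned:
            return False
        return True


def run(client_pins: bool, responses: list[Response], host: str = "example.com") -> list[bool]:
    """Drive one client through a sequence of server responses for `host`."""
    client = Client(pins=client_pins)
    return [client.connect(host, r) for r in responses]


def first_failure_in_farm(client_pins: bool, farm: list[Response], connections: int):
    """Round-robin a client across a server farm with mixed behaviour.

    Returns the index of the first failed connection, or None if all succeed.
    """
    client = Client(pins=client_pins)
    for i, r in enumerate(islice(cycle(farm), connections)):
        if not client.connect("example.com", r):
            return i
    return None


if __name__ == "__main__":
    seq = [Response.TLSA_CHAIN, Response.NO_EXTENSION]
    print("non-pinning client, server just stops:", run(False, seq))
    print("pinning client, server just stops:    ", run(True, seq))
    seq_denial = [Response.TLSA_CHAIN, Response.AUTHENTICATED_DENIAL, Response.NO_EXTENSION]
    print("pinning client, authenticated denial: ", run(True, seq_denial))
    farm = [Response.TLSA_CHAIN, Response.NO_EXTENSION]
    print("mixed farm, pinning client fails at:  ", first_failure_in_farm(True, farm, 4))
```

The point of the model is the asymmetry in the third case: the non-pinning client never fails, the pinning client fails as soon as a previously seen TLSA chain is followed by a bare omission, and only an authenticated denial (which the draft does not require the server to send) lets the pinning client release the pin safely. Both clients and both server behaviours are "conformant" under the assumed text, which is exactly the interoperability gap being argued.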