On Thu, Apr 12, 2018 at 4:14 PM, Viktor Dukhovni <ietf-d...@dukhovni.org>

> > On Apr 12, 2018, at 7:10 PM, Eric Rescorla <e...@rtfm.com> wrote:
> >
> > The difficulty here is what the server knows about the clients behavior.
> > Specifically, if the server serves TLSA records and then ceases doing
> > without serving authenticated denial of existence, then it is unable to
> > determine if this would cause clients to fail because it doesn't know if
> > the client implements the text in the final paragraph. One could argue
> > that current clients could pin, but that's totally extratextual, as
> opposed
> > t having a noninteroperable behavior in the document.
> How exactly does telling the client the truth (conveying correct
> DNS state about the TLSA records) harm interoperability???
> Please explain the scenario in which something now fails???

I already did this in my previous email, but I'll try again.

In the current document, there is no expectation that clients will pin the
server's use of TLSA and therefore the server can safely stop using
TLSA (or run a mixed server farm). However, because this text implies
that the client *could* pin, in order to ensure interoperability the server
would have to provide authenticated denial at the risk of connection
failure with such clients. However the text also does not require that
the server do so. Thus, a conformant client and a conformant server
can fail if the server just stops using TLSA.


> --
>         Viktor.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
TLS mailing list

Reply via email to