On 4/16/18 at 9:31 AM, n...@cryptonector.com (Nico Williams) wrote:

I wouldn't mind a (C'): a variant of (C) where we get denial of
existence and a one- or two-byte TTL (one by count of weeks or two-byte
count of hours) with de minimis text about it, leaving pinning semantics
to a separate document.  In such a (C') we'd elide all pinning (or most*)
in this document.

I have always worried about the trust model in PKIX, and thought that some form of pinning would be an excellent enhancement -- modeling how individuals work in the real world:

Alice, I'd like you to meet Bob. He is an expert in... (Alice learns Bob's voice pattern.)

Bob, this is Alice, I'd like you to... (Alice recognizes Bob's voice in the reply.)

I strongly support C or C' as the best way forward, allowing a future RFC to address the pinning details. Viktor has some good suggestions as well.

Note: I have not been involved in any face-to-face meetings or hums.

Cheers - Bill

Bill Frantz        | When it comes to the world     | Periwinkle
(408)356-8506      | around us, is there any choice | 16345 Englewood Ave
www.pwpconsult.com | but to explore? - Lisa Randall | Los Gatos, CA 95032

TLS mailing list