We've had a lot of discussion on this thread that has pointed out that
there are enough issues with the current document that we should recommend
that the AD pull it back from the RFC editor.

Concerns have been raised about the trade-offs associated with pinning and
I do not think we currently have consensus to add pinning.  While I think
it may be possible to come to consensus on pinning I think it may take some
time.  I believe we can quickly get consensus for the following approach:

1. Scope the document to the assertive use cases
2. Explicitly allow (but do not require) DoE be included
3. Remove current text about pinning
4. Re-submit the document for publication and start work on a separate
extension that supports pinning

I understand that not everyone is happy with publishing the document scoped
down in this way, but there is a community of users who would find it
useful.  I am soliciting suggestions for text for items 1-3 and I encourage
proponents of the more restrictive use case to get a draft together that we
can consider for adoption by the working group.

I also want to thank the participants for keeping the discussion mostly
civil and having patience as we go through this process.

Joe


On Wed, Apr 4, 2018 at 10:50 AM, Joseph Salowey <j...@salowey.net> wrote:

> Hi Folks,
>
> Some objections were raised late during the review of
> the draft-ietf-tls-dnssec-chain-extension. The question before the
> working group is either to publish the document as is or to bring the
> document back into the working group to address the following issues:
>
> - Recommendation of adding denial of existence proofs in the chain
> provided by the extension
> - Adding signaling to require the use of this extension for a period of
> time (Pinning with TTL)
>
> This is a consensus call on how to progress this document.  Please answer
> the following questions:
>
> 1) Do you support publication of the document as is, leaving these two
> issues to potentially be addressed in follow-up work?
>
> If the answer to 1) is no then please indicate if you think the working
> group should work on the document to include
>
> A) Recommendation of adding denial of existence proofs in the chain
> provided by the extension
> B) Adding signaling to require the use of this extension for a period of
> time (Pinning with TTL)
> C) Both
>
> This call will be open until April 18, 2018.
>
> Thanks,
>
> Joe
>
>
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
