We've had a lot of discussion on this thread that has pointed out that there are enough issues with the current document that we should recommend that the AD pull it back from the RFC editor.
Concerns have been raised about the trade-offs associated with pinning and I do not think we currently have consensus to add pinning. While I think it may be possible to come to consensus on pinning I think it may take some time. I believe we can quickly get consensus for the following approach:

1. Scope the document to the assertive use cases
2. Explicitly allow (but do not require) DoE be included
3. Remove current text about pinning
4. Re-submit the document for publication and start work on a separate extension that supports pinning

I understand that not everyone is happy with publishing the document scoped down in this way, but there is a community of users who would find it useful. I am soliciting suggestions for text for the 1-3 and I encourage proponents of the more restrictive use case to get a draft together that we can consider for adoption by the working group.

I also want to thank the participants for keeping the discussion mostly civil and having patience as we go through this process.

Joe

On Wed, Apr 4, 2018 at 10:50 AM, Joseph Salowey <j...@salowey.net> wrote:

> Hi Folks,
>
> Some objections were raised late during the review of the draft-ietf-tls-dnssec-chain-extension. The question before the working group is either to publish the document as is or to bring the document back into the working group to address the following issues:
>
> - Recommendation of adding denial of existence proofs in the chain provided by the extension
> - Adding signaling to require the use of this extension for a period of time (Pinning with TTL)
>
> This is a consensus call on how to progress this document. Please answer the following questions:
>
> 1) Do you support publication of the document as is, leaving these two issues to potentially be addressed in follow-up work?
>
> If the answer to 1) is no then please indicate if you think the working group should work on the document to include
>
> A) Recommendation of adding denial of existence proofs in the chain provided by the extension
> B) Adding signaling to require the use of this extension for a period of time (Pinning with TTL)
> C) Both
>
> This call will be open until April 18, 2018.
>
> Thanks,
>
> Joe
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls