On Thu, Feb 05, 2026 at 07:03:17PM +0100, Muhammad Usama Sardar wrote:
> Hi Viktor, Paul,
>
> I don't know the history of the DANE matter and don't have time to dig
> into it either, but I want to say a couple of things:
Well, that history is relevant. The sticking point was never about
formal analysis or similar matters. It was an objection on principle
to adding downgrade resistance through server commitment for a specified
time to support the feature in question.

The DANE chain story was actually much less fragile than the proposal here.

- Just a single server feature, no complications with multiple PQ
  algorithms, multi-certificate chains, ...
- The server could remove the pin by returning DNS chain data that
  proves the non-existence of the TLSA records, or insecure
  delegation of the domain. It just had to be willing to provide
  the evidence.

And yet, downgrade-resistance in the form of a commitment to support the
requested extension was for some reason unpalatable, and I'd be very
surprised to find it suddenly acceptable here. If this sort of pinning
(seemingly somewhat more complex and harder to undo) is now acceptable
here, what changed?
--
Viktor. 🇺🇦 Слава Україні!
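The client-side behaviour Viktor describes (a server commits to supporting the extension for a stated time; the client refuses a later handshake that omits it while the commitment is live; the server can lift the pin only by presenting authenticated proof that no TLSA records exist or that the domain is insecurely delegated) can be modelled as a small state machine. The block below is an added illustration, not code from the thread, from the DANE chain extension draft, or from any TLS library. It assumes the DNSSEC validation of the returned chain has already been done and reduces its outcome to two boolean flags (`denial_of_existence`, `insecure_delegation`); the `ChainResponse` and `PinStore` names, the `lifetime` field and the sample timeline are all constructed here.

```python
"""Model of a per-host "commitment to support the extension" pin.

Added example, not part of the original message. The data model is a
hypothetical simplification: real clients would validate the DNSSEC chain
themselves before trusting any of the flags below.
"""
from dataclasses import dataclass, field


@dataclass
class ChainResponse:
    """What the server returned in the extension, already validated (assumption)."""
    present: bool                       # extension was included in the handshake
    lifetime: int = 0                   # seconds the server commits to keep supporting it
    denial_of_existence: bool = False   # authenticated proof: no TLSA records for the name
    insecure_delegation: bool = False   # authenticated proof: zone is not DNSSEC-signed


@dataclass
class PinStore:
    """host -> expiry (epoch seconds) of the server's support commitment."""
    pins: dict = field(default_factory=dict)

    def is_pinned(self, host: str, now: int) -> bool:
        expiry = self.pins.get(host)
        if expiry is None:
            return False
        if now >= expiry:
            # Commitment lapsed on its own; forget it rather than keep stale state.
            del self.pins[host]
            return False
        return True

    def evaluate(self, host: str, resp: ChainResponse, now: int) -> tuple:
        """Decide whether to accept the handshake and update the pin.

        Returns (decision, reason) where decision is "accept" or "reject".
        """
        pinned = self.is_pinned(host, now)

        if not resp.present:
            if pinned:
                # Downgrade: the server promised the extension and is now silent.
                return "reject", "extension omitted while commitment active"
            return "accept", "no commitment on record"

        if resp.denial_of_existence or resp.insecure_delegation:
            # The server supplied the evidence that lets the client drop the pin.
            self.pins.pop(host, None)
            return "accept", "pin cleared by authenticated proof"

        if resp.lifetime > 0:
            # Fresh commitment: extend (or create) the pin.
            self.pins[host] = now + resp.lifetime
            return "accept", "pin refreshed"

        return "accept", "extension present, no new commitment"


def simulate() -> list:
    """Constructed timeline exercising each branch; returns the decisions."""
    store = PinStore()
    host = "mail.example.test"   # placeholder name, constructed
    steps = [
        (1000, ChainResponse(present=True, lifetime=3600)),            # pin set
        (2000, ChainResponse(present=False)),                          # downgrade attempt
        (2500, ChainResponse(present=True, denial_of_existence=True)), # server lifts pin
        (2600, ChainResponse(present=False)),                          # now tolerated
    ]
    return [store.evaluate(host, resp, now)[0] for now, resp in steps]


if __name__ == "__main__":
    for decision in simulate():
        print(decision)
```

The point of the model is the asymmetry Viktor is drawing attention to: the pin is trivial to establish (one field in one extension) and can only be undone by the server producing evidence, never by simply going quiet. That is the property a client needs for downgrade resistance, and it is exactly what makes such commitments contentious for operators.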
_______________________________________________
TLS mailing list -- [email protected]