[{"author": "Benjamin Kaduk", "text": "<p>meetecho please pan</p>", "time": "2022-07-28T21:36:10Z"}, {"author": "Benjamin Kaduk", "text": "<p>Thanks!</p>", "time": "2022-07-28T21:36:27Z"}, {"author": "Benjamin Kaduk", "text": "<p>Write the draft, see if TLS wants it, take it here otherwise.</p>", "time": "2022-07-28T21:39:44Z"}, {"author": "Benjamin Kaduk", "text": "<p>Why support a protocol version that's mandatory to implement under the BCP guidance for TLS usage?</p>", "time": "2022-07-28T21:40:54Z"}, {"author": "Benjamin Kaduk", "text": "<p>MT advocating renego, oh my.<br>\nThough I do seem to recall that there is some RFC that says it's okay so long as there is no application data preceding it.</p>", "time": "2022-07-28T21:42:22Z"}, {"author": "Martin Thomson", "text": "<p>Yes, HTTP/2 does that.</p>", "time": "2022-07-28T21:44:30Z"}, {"author": "Benjamin Kaduk", "text": "<p>Ah, right.  Thanks.</p>", "time": "2022-07-28T21:44:49Z"}, {"author": "Martin Thomson", "text": "<p>What Bob is saying is good advice.</p>", "time": "2022-07-28T21:45:55Z"}, {"author": "Benjamin Kaduk", "text": "<p>Yes, that was good advice from Bob.</p>", "time": "2022-07-28T21:46:06Z"}, {"author": "Martin Thomson", "text": "<p><a href=\"https://www.rfc-editor.org/rfc/rfc9261.html\">https://www.rfc-editor.org/rfc/rfc9261.html</a></p>", "time": "2022-07-28T21:47:16Z"}, {"author": "Martin Thomson", "text": "<p>That architecture document clearly needs tons of work.</p>", "time": "2022-07-28T21:49:37Z"}, {"author": "Jabber", "text": "<p>mcr: is now a stuckee author on the architecture.</p>", "time": "2022-07-28T21:50:14Z"}, {"author": "Wes Hardaker", "text": "<p>@martin: yes, that's known -- the architecture document is far less complete.</p>", "time": "2022-07-28T21:54:52Z"}, {"author": "Martin Thomson", "text": "<p>This idea that TLS 1.3 is big and complex is a lie.  It is only the differences from TLS 1.2 that make it challenging.  The core protocol is fairly straightforward.</p>", "time": "2022-07-28T21:56:04Z"}, {"author": "Martin Thomson", "text": "<p>...unless you want 0-RTT.</p>", "time": "2022-07-28T21:56:14Z"}, {"author": "Benjamin Kaduk", "text": "<p>For your next act, tell me that QUIC is not big and complex. <span aria-label=\"wink\" class=\"emoji emoji-1f609\" role=\"img\" title=\"wink\">:wink:</span></p>", "time": "2022-07-28T21:56:35Z"}, {"author": "Benjamin Kaduk", "text": "<p>Also, I would like to know what tooling Jacques used to get the kerning on these slides.</p>", "time": "2022-07-28T21:57:41Z"}, {"author": "Martin Thomson", "text": "<p>QUIC is a nightmare of complexity :)</p>", "time": "2022-07-28T21:57:51Z"}, {"author": "Andrew Fregly", "text": "<p>I turned up my headset volume</p>", "time": "2022-07-28T21:57:55Z"}, {"author": "Benjamin Kaduk", "text": "<p><span class=\"user-mention\" data-user-id=\"595\">@Andrew Fregly</span>  just remember to turn it back down before anyone else talks</p>", "time": "2022-07-28T21:58:50Z"}, {"author": "Martin Thomson", "text": "<p>I think that the kerning is a font thing based on what I'm seeing.</p>", "time": "2022-07-28T21:59:09Z"}, {"author": "Nick Sullivan", "text": "<p>Note that this might need more than just an extension. A new certificate_type would likely need to be defined.</p>", "time": "2022-07-28T21:59:16Z"}, {"author": "Benjamin Kaduk", "text": "<p>Is Nick talking about Jacques' thing or Viktor's thing?</p>", "time": "2022-07-28T21:59:40Z"}, {"author": "Nick Sullivan", "text": "<p>Viktor's thing.</p>", "time": "2022-07-28T21:59:50Z"}, {"author": "Martin Thomson", "text": "<p>Are these domain name SANs?</p>", "time": "2022-07-28T22:00:00Z"}, {"author": "Benjamin Kaduk", "text": "<blockquote>\n<p>kerning is a font thing based on what I'm seeing</p>\n</blockquote>\n<p>Hmm, <a href=\"https://datatracker.ietf.org/doc/slides-114-dance-leveraging-dnssec-for-digital-identity-trust-registries/02/\">https://datatracker.ietf.org/doc/slides-114-dance-leveraging-dnssec-for-digital-identity-trust-registries/02/</a> shows only a PDF upload, and viewing the PDF natively I think I see the same as you.  Which seems to implicate the \"conversion\" step that is used to turn the slides from the datatracker into jpgs used by the streaming software.</p>", "time": "2022-07-28T22:02:06Z"}, {"author": "Nick Sullivan", "text": "<p>Question Viktor's draft that I might have missed. Is TLS 1.2 supported because we expect that some (D)TLS implementations do not have (D)TLS 1.3 support but will be willing to implement this draft before deploying 1.3?</p>", "time": "2022-07-28T22:03:38Z"}, {"author": "Martin Thomson", "text": "<p><span class=\"user-mention\" data-user-id=\"366\">@Nick Sullivan</span> That's essentially the answer I got when I just asked.  I think that that is a reasonable thing, particularly for existing deployments, who might only be looking to provide an alternative trust anchor system.</p>", "time": "2022-07-28T22:05:01Z"}, {"author": "Benjamin Kaduk", "text": "<p>Given OpenSSL's stance on DTLS 1.3, that seems to be a likely candidate.</p>\n<p>And I think the points that I found most compelling were not really about the codebase being unwilling to write in the 1.3 support, but rather that there is a deployed base where the incremental update within 1.2 is feasible but there are logistical constraints (e.g., flash storage, QA certification) that prevent the deployed devices from updating to 1.3.</p>", "time": "2022-07-28T22:05:11Z"}, {"author": "Martin Thomson", "text": "<p>People are welcome to use the NSS DTLS 1.3 implementation.  We're not done yet, but it's close.</p>", "time": "2022-07-28T22:05:40Z"}, {"author": "Tim Wicinski", "text": "<p>Not thrilled about another RR at a zone apex.</p>", "time": "2022-07-28T22:07:09Z"}, {"author": "Martin Thomson", "text": "<p>I don't understand why you can't rely on configuration for trust anchors.</p>", "time": "2022-07-28T22:07:31Z"}, {"author": "Jim Fenton", "text": "<p>I can picture political problems with IANA having country-specific trust registries</p>", "time": "2022-07-28T22:07:37Z"}, {"author": "Martin Thomson", "text": "<p><span class=\"user-mention\" data-user-id=\"99\">@Jim Fenton</span> Why would you even expect to be able to trust $COUNTRY for this purpose?</p>", "time": "2022-07-28T22:07:59Z"}, {"author": "Martin Thomson", "text": "<p>...whatever this purpose really is.</p>", "time": "2022-07-28T22:08:12Z"}, {"author": "Jim Fenton", "text": "<p>@Martin Exactly my point.</p>", "time": "2022-07-28T22:08:23Z"}, {"author": "Martin Thomson", "text": "<p>Put differently, why does the flow of trust follow the DNS hierarchy?</p>", "time": "2022-07-28T22:09:01Z"}, {"author": "Hugo Salgado", "text": "<p><span class=\"user-mention silent\" data-user-id=\"48\">Tim Wicinski</span> <a href=\"#narrow/stream/55-dance/topic/jabber/near/32055\">said</a>:</p>\n<blockquote>\n<p>Not thrilled about another RR at a zone apex.</p>\n</blockquote>\n<p>Or you can start in <a href=\"http://_trustregistry.arpa\">_trustregistry.arpa</a> too</p>", "time": "2022-07-28T22:09:33Z"}, {"author": "Jabber", "text": "<p>mcr: Paul, IANA because DNSSEC.</p>", "time": "2022-07-28T22:10:46Z"}, {"author": "Tim Wicinski", "text": "<p>I will ask \"why not a TXT Record\" and I will now show myself out</p>", "time": "2022-07-28T22:13:00Z"}, {"author": "Benjamin Kaduk", "text": "<p>Excellent, so then you won't be here to hear me propose a new RRTYPE in the parent zone!<br>\n&lt;ducks&gt;</p>", "time": "2022-07-28T22:13:29Z"}, {"author": "Jacques Latour", "text": "<p>yes, root zone because of DNSSEC</p>", "time": "2022-07-28T22:13:32Z"}, {"author": "John O'Brien", "text": "<p>I was thinking, \"Why not a PTR RR?\", and will show my self out after Tim.</p>", "time": "2022-07-28T22:13:47Z"}, {"author": "Rolf Sonneveld", "text": "<p>I don't see the speaker</p>", "time": "2022-07-28T22:14:52Z"}, {"author": "Michael B", "text": "<p>There's a lot of acronyms here...</p>", "time": "2022-07-28T22:14:53Z"}, {"author": "Benjamin Kaduk", "text": "<p>I think at least half of them are \"standard\" IETF things, at least.  But yes, lots of acronyms.</p>", "time": "2022-07-28T22:15:25Z"}, {"author": "Rolf Sonneveld", "text": "<p>Thanks, I now see him</p>", "time": "2022-07-28T22:15:47Z"}, {"author": "Jim Fenton", "text": "<p>Acronyms are a strong tradition for aircraft things</p>", "time": "2022-07-28T22:16:05Z"}, {"author": "Benjamin Kaduk", "text": "<p>IKO is one I'm not familiar with.</p>", "time": "2022-07-28T22:16:31Z"}, {"author": "Benjamin Kaduk", "text": "<p>or rather, ICAO, the internet informs me.</p>", "time": "2022-07-28T22:16:50Z"}, {"author": "Michael B", "text": "<p>Ah, I missed a few that were defined in the first slide.</p>", "time": "2022-07-28T22:17:27Z"}, {"author": "Jabber", "text": "<p>mcr: thinks ICAO should be pronounced I-COW.</p>", "time": "2022-07-28T22:24:29Z"}, {"author": "Jim Fenton", "text": "<p>I've heard it pronounced that way, yes.</p>", "time": "2022-07-28T22:24:51Z"}, {"author": "Martin Thomson", "text": "<p>Apple has a policy of not announcing upcoming products.</p>", "time": "2022-07-28T22:25:02Z"}, {"author": "Jabber", "text": "<p>mcr: iCOW</p>", "time": "2022-07-28T22:25:30Z"}, {"author": "Martin Thomson", "text": "<p>If size is a thing, then cTLS.</p>", "time": "2022-07-28T22:26:11Z"}, {"author": "Jabber", "text": "<p>mcr: Apple's take on animal-free meat, perhaps.</p>", "time": "2022-07-28T22:26:14Z"}, {"author": "Benjamin Kaduk", "text": "<p>OpenSSL raw public key support is in <a href=\"https://github.com/openssl/openssl/pull/18185\">https://github.com/openssl/openssl/pull/18185</a></p>", "time": "2022-07-28T22:27:23Z"}]