| From: | Nico Williams <nico(at)cryptonector(dot)com> |
|---|---|
| To: | * Neustradamus * <neustradamus(at)hotmail(dot)com> |
| Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "simon(at)josefsson(dot)org" <simon(at)josefsson(dot)org>, "alexey(dot)melnikov(at)isode(dot)com" <alexey(dot)melnikov(at)isode(dot)com> |
| Subject: | Re: RFC 9266: Channel Bindings for TLS 1.3 support |
| Date: | 2025-11-21 17:30:00 |
| Message-ID: | aSChmBhT/dilPDwP@ubby |
| Lists: | pgsql-hackers |

On Fri, Nov 21, 2025 at 08:30:42AM +0000, * Neustradamus * wrote:
> Dear Heikki,
>
> Thanks for your answer.
>
> Several people would like to deprecate "tls-server-end-point" (RFC 5929) like Simon Josefsson (author of several RFCs) because RFC 9266 has existed since July 2022:

We must either fix or _replace_ tls-server-end-point (TSEP), but we
cannot not have end-point-style CB. I followed up to Simon with reasons
for why. Those followups will also answer Heikki's questions about
pros/cons.

That said, for _PG_ I think the exporter CB are almost certainly better.

Nico
--