Home > mailing lists

Re: RFC 9266: Channel Bindings for TLS 1.3 support - Mailing list pgsql-hackers

From	Nico Williams
Subject	Re: RFC 9266: Channel Bindings for TLS 1.3 support
Date	November 21 20:30:00
Msg-id	aSChmBhT/dilPDwP@ubby Whole thread Raw
In response to	Re: RFC 9266: Channel Bindings for TLS 1.3 support (* Neustradamus * <neustradamus@hotmail.com>)
List	pgsql-hackers

Tree view

On Fri, Nov 21, 2025 at 08:30:42AM +0000, * Neustradamus * wrote:
> Dear Heikki,
> 
> Thanks for your answer.
> 
> Several people would like to deprecate "tls-server-end-point" (RFC 5929) like Simon Josefsson (author of several
RFCs)because RFC 9266 exists since July 2022:

We must either fix or _replace_ tls-server-end-point (TSEP), but we
cannot not have end-point-style CB.  I followed up to Simon with reasons
for why.  Those followups will also answer Heikki's questions about
pros/cons.

That said, for _PG_ I think the exporter CB are almost certainly better.

Nico
--

pgsql-hackers by date:

From: Nico Williams
Date: 21 November, 20:27:48
Subject: Re: RFC 9266: Channel Bindings for TLS 1.3 support

From: Nico Williams
Date: 21 November, 20:32:02
Subject: Re: RFC 9266: Channel Bindings for TLS 1.3 support

Re: RFC 9266: Channel Bindings for TLS 1.3 support - Mailing list pgsql-hackers

Previous

Next