Joe Birr-Pixton

icon indicating a website link https://jbp.io

icon location Cambridge, UK

Results 280 comments of Joe Birr-Pixton

Support for all RFC5280 standard extensions

I don't think we should do completeness-for-completeness's sake. There is a lot of crap in this space, and implementing it all is largely not a good use of time. >...

[Feature Request] Expose selected certificate types in Cert Verify callbacks

https://github.com/rustls/rustls/issues/423#issuecomment-1908082743 is background on the limited implementation of RFC7250 we have. > for existing deployments of TLS that want to migrate certificate types Raw public keys are not a type...

[Feature Request] Expose selected certificate types in Cert Verify callbacks

I don't think `CertificateDer::cert_type()` makes sense, as that would admit (in the type system) certificate chains that suddenly have a raw public key in the middle. `IdentityDer` which is either...

Use CRL by default instead of OCSP on android

I guess my question on this is: reading the [documentation](https://developer.android.com/reference/java/security/cert/PKIXRevocationChecker) it seems quite clear that CRLs are the fallback from OCSP, but the observed behaviour contradicts that. The described behaviour...

Consider a reader-writer split for the unbuffered API

This seems problematic because timely and ordered execution of the proposed `WriterAction`s is a correctness property of the overall connection. For example, an application that drops a `WriterAction::FatalAlert` continues to...

Proof of concept of a reader-writer split (#2761)

> Thanks for working on this. Yes, thanks for sketching this out. I think the end result is substantially OK. I think the `WriterAction` is alright for low-assurance items, or...

Use generics instead of enum wrappers for connection types

I'm not super sure about this. I had a look at this branch in terms of docs, autocomplete and llvm-lines output: For docs, the first docs for the most important...

Support stateless resumption for QUIC 0-RTT

This would mean implementing another option from https://datatracker.ietf.org/doc/html/rfc8446#section-8 (noting the caveats in 8.2 if you lack distributed storage across nodes, and the limited nature of 8.3).

Externalise async ops

> I don't love this. It feels like a kludge to retrofit low-level needs into a high-level API. I think we should make a proper low-level API and rebuild the...

Externalise async ops

> We should async everything, state machine, public api, and trait(for example [Signer](https://docs.rs/rustls/latest/rustls/sign/trait.Signer.html#tymethod.sign)) , and then release a major version Thanks for the comment! Unfortunately async dyn traits aren't supported...