by asdfghjhgfderty 1265 days ago
it's insane to expect the opposite: that traffic in my own network will need to keep reaching to certificate authorities outside to validate packages from one host to another.

if you don't understand why these 3 things are on top of tcp, well, never mind, I was going to say you shouldn't be designing networks but you might be already on the quic steering committee.

most committees now are a joke so that some googler middle manager makes it to jr director. sigh.


The use of TLS for QUIC does not imply or require the use of the Web PKI which is what I assume you're thinking of by "certificate authorities outside to validate packages".

> "The use of TLS for QUIC does not imply or require the use of the Web PKI"

Handling certificate revocations (which would be needed to "ensure security") does indeed imply the use of some way to check for the revocations in a timely manner. The revocation lists themselves can be tampered with.

You've jumped from assuming the Web PKI, which isn't required, to assuming online revocation checks, which is even more not required.

So how does your imaginary version of a transport-layer guarantee a message can't be tampered with if it trusts keys which are revoked?

Web PKI is not the only way to revoke keys.

> "Web PKI is not the only way to revoke keys."

You're not answering my question (we both know why), and I never mentioned anything about WebPKI in any of my comments anyways.