Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote:
> The chairs provided text for an updated charter in line with the newly
> adopted working group items. The recharter text has been posted and
> I'd like to give the WG a little time to comment prior to adding this
> to a telechat for review.
> Here is a link:
> http://datatracker.ietf.org/doc/charter-ietf-ipsecme/

I agree with Paul Wouters that inclusion of channel binding into the charter is probably premature, and does not really jibe with opportunistic security concepts that the application should not know/care that it is private, as there should be no extra authorization implied.

Channel Binding is clearly easiest to implement if you can annotate individual TCP connections with their security properties, and this is probably easiest to do if you do kernel modifications. However, the draft-ietf-btns-abstract-api (which was never published) was designed specifically so that it did not require kernel changes, and a proof of concept implementation back in 2005 (ish) did not require kernel changes.

Still, I think that channel binding should be left off the charter for now: mostly because I don't think that we have the right people here to actually get the work done in a way that would result in a deployed standard.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec