Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote:
    > The chairs provided text for an updated charter in line with the newly
    > adopted working group items.  The recharter text has been posted and
    > I'd like to give the WG a little time to comment prior to adding this
    > to a telechat for review.

    > Here is a link:

    > http://datatracker.ietf.org/doc/charter-ietf-ipsecme/

I agree with Paul Wouters that inclusion of channel binding into the charter
is probably premature, and does not really jibe with opportunistic security
concepts that the application should not know/care that it is private,
as there should be no extra authorization implied.

Channel Binding is clearly easiest to implement if you can annotate
individual TCP connections with their security properties, and this is
probably easiest to do if you do kernel modifications.
However, the draft-ietf-btns-abstract-api (which was never published) was
designed specifically so that it did not require kernel changes, and a proof of
concept implementation back in 2005 (ish) did not require kernel changes.

Still, I think that channel binding should be left off the charter for now:
mostly because I don't think that we have the right people here to actually
get the work done in a way that would result in a deployed standard.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
