On Fri, Jul 7, 2017 at 7:40 AM, Ackermann, Michael <mackerm...@bcbsm.com> wrote:
> Matt
>
> This document is extremely well written and describes the needs of
> enterprises well, IMHO. I believe and have heard, there are similar
> needs beyond the enterprise realm, but since we are the only ones formally
> expressing concerns, so be it.

Why does the IETF need to be involved, given this solution exists?

>
> The detail on the implementation, as well as the details on why other
> alternative solutions are not viable/sufficient, is very good and will help
> focus any related conversations.
>
> I very much hope this can be on the agenda at IETF 99.
>
> Thanks for your very productive efforts on this.
>
> Mike
>
>
>
> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Matthew Green
> Sent: Friday, July 7, 2017 3:03 AM
> To: tls@ietf.org
> Subject: [TLS] draft-green-tls-static-dh-in-tls13-01
>
>
>
> The need for enterprise datacenters to access TLS 1.3 plaintext for security
> and operational requirements has been under discussion since shortly before
> the Seoul IETF meeting. This draft provides current thinking about the way
> to facilitate plain text access based on the use of static (EC)DH keys on
> the servers. These keys have a lifetime; they get replaced on a regular
> schedule. A key manager in the datacenter generates and distributes these
> keys.  The Asymmetric Key Package [RFC5958] format is used to transfer and
> load the keys wherever they are authorized for use.
>
>
>
> We have asked for a few minutes to talk about this draft in the TLS WG
> session at the upcoming Prague IETF. Please take a look so we can have a
> productive discussion.  Of course, we're eager to start that discussion on
> the mail list in advance of the meeting.
>
>
>
> The draft can be found here:
>
>
>
> https://tools.ietf.org/html/draft-green-tls-static-dh-in-tls13-01
>
>
>
> Thanks for your attention,
>
> Matt, Ralph, Paul, Steve, and Russ
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
