On 7/14/17 6:45 PM, Yoav Nir wrote:
>> On 14 Jul 2017, at 18:35, Joseph Lorenzo Hall <j...@cdt.org> wrote:
>> Just want to +1 the notion that this should be opt-in for both sides and in
>> an extension!
> It’s a good notion, but “we have to change one side” usually wins over “we
> have to change both sides”

Something that demands a forklift upgrade of both/all sides at the same time tends not to be deployed, ever (look at the history of NAT/firewall traversal technologies in the IETF, as one example).

I'm basically in agreement with Stephen and Uri here but now that I'm working for a company that's providing services I'm becoming more aware of the real need for network monitoring. It does need to be discussed somewhere but I don't think that that discussion needs to take place in the TLS working group in the context of this one particular proposal. There's more than one way to solve this problem, and the fact that these folks want to keep solving it basically the same way that they have in the past is interesting but perhaps not as compelling as it could be.

It might make sense to kick it over to ops for a discussion with people whose meat and potatoes is monitoring, management, and measurement. It needn't necessarily stay there but I think that there are a bunch of options that need to be sorted through. I can't really see the static Diffie-Hellman proposal going anywhere quickly, anyway, to be honest, so might as well use that time to develop a fuller understanding of the potential solutions to the problem.

Melinda
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls