On Sat 2017-07-15 07:38:57 +0000, Dobbins, Roland wrote:
>> On Jul 15, 2017, at 13:14, Daniel Kahn Gillmor <d...@fifthhorseman.net>
>> wrote:
>>
>> * This proposed TLS variant is *never* acceptable for use on the public
>>   Internet. At most it's acceptable only between two endpoints within
>>   a datacenter under a single zone of administrative control.
>
> I would strongly attempt to dissuade anyone from using it across the
> public Internet. I agree that it is best-suited for use on networks
> within a single span of administrative control, & that's the use for
> which it is intended.

How strongly would you attempt to dissuade its use across the public
Internet?

Strongly enough to support a proposal that would require this to be
opt-in from both sides, with an explicit and verifiable exfiltration
authority, so that no standard implementation of the proposed mechanism
could be accidentally turned on unilaterally without detection by the
unwitting peer?

Because the current proposal isn't nearly that strong at dissuading its
use on the public Internet.

--dkg
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls