On Jul 19, 2017 11:38 AM, "Roland Dobbins" <rdobb...@arbor.net> wrote:

> On 19 Jul 2017, at 20:29, Watson Ladd wrote:
>
>> Now it turns out that the requirements on solutions came from
>> organizational issues you never told us about.
>
> The organizational issues have been described previously, both on the list and in the meetings; and the technical issues are quite separate from the organizational ones. The one isn't the cause of the other. In many cases, the organizational issues do not exist, yet the technical ones remain.

What are the technical requirements?

> There is a serious technical issue here; the only reason the organizational issues were even mentioned was to provide context.
>
>> I still don't see a response to how you determine unauthorized access
>> happened without being the authority on what access is authorized.
>
> It's possible to have the relevant access policy information to hand without being the authority oneself.

Why can't the enforcing mechanism log its enforcement?

>> Apparently exporting the PMS from clients and servers isn't possible: I
>> find that hard to believe.
>
> It isn't practical from a performance nor a network architecture perspective.

We're talking one extra encryption+transmission. How is this not possible?

>> Let's standardize an extension that exports an encrypted EMS and be done
>> with this debate.
>
> That does not meet the technical requirements.

Why not? It enables interception if both ends opt in with the encrypted packets. (I see I made a typo: I meant PMS.) What does the green draft do that this does not?

> There's some quite useful and constructive discussion of possible approaches taking place - I'm observing it with interest.
>
> -----------------------------------
> Roland Dobbins <rdobb...@arbor.net>

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls