On Wed 2018-12-05 17:08:44 +0900, Bret Jordan wrote: > Now this WG is finally starting to talk about a solution to a real > problem and need. We can either address the use case and need here in > the IETF, or we can let the solutions be done else where. I would > personally prefer we take this work item back and solve it here in the > IETF.
Or, the IETF can say with relative clarity that this kind of information
leakage is inappropriate for and incomaptible with the information
security goals of TLS.
> Finally, remember, you may not like the use case or need, but that
> does not mean the use case is not valid and needed.
Sure, but just because someone says it is, doesn't mean that the use
case is valid or needed within the scope of TLS either.
Throughout the (several years now) discussion of this sort of proposal,
we've repeatedly heard about "legal obligations" which somehow evaporate
when pressed for details. And we've heard about "operational
considerations" which typically amount to cost-shifting concerns (they
can come across as: "we've invested a bunch of money in this particular
network architecture/application design, please change the infosec
guarantees provided by TLS for everyone on the global network so that we
don't have to do an expensive re-tooling or staff up on new skills while
i'm responsible for this budget line item").
The WG is chartered to make TLS a fast, secure, confidential transport
layer. Let's keep the charter goals in mind.
--dkg
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
