This should not be dismissed as small segments of industries. This represents ubiquitous use cases at all large organizations in Insurance, Health Care, Banking, Automotive and many others. We as the IETF should not lightly dismiss such significant numbers and volume, even (or especially), if the answers are not easy ones. Do we really want related solutions to be developed elsewhere?
From: TLS <tls-boun...@ietf.org> On Behalf Of Watson Ladd Sent: Tuesday, July 23, 2019 6:58 PM To: Filippo Valsorda <fili...@ml.filippo.io> Cc: TLS List <tls@ietf.org> Subject: Re: [TLS] TLS Impact on Network Security draft updated ALERT This email was sent from a source external to BCBSM/BCN. DO NOT CLICK links or attachments unless you recognize the sender and trust the content. On Tue, Jul 23, 2019, 3:47 PM Filippo Valsorda <fili...@ml.filippo.io<mailto:fili...@ml.filippo.io>> wrote: Before any technical or wording feedback, I am confused as to the nature of this document. It does not seem to specify any protocol change or mechanism, and it does not even focus on solutions to move the web further. Instead, it looks like a well edited blog post, presenting the perspective of one segment of the industry. (The perspective seems to also lack consensus, but I believe even that is secondary.) Note how as of draft-camwinget-tls-use-cases-05 there are no IANA considerations, no security considerations, and no occurrences of any of the BCP 14 key words (MUST, SHOULD, etc.). Is there precedent for publishing such a document as an RFC? I was going to say RFC 691 but no, it recommends changes to the protocol (as well as being quite amusing). RFC 4074 comes close describing bad behavior without an explicit plea to stop doing it, but has a security considerations section. RFC 7021 describes the impact of a particular networking technique on applications. So there is precedent. Sincerely, Watson The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies. Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls