Hi Med, I've responded to Jean-Michel. I don't think that this leads to changes, though your suggested change to the abstract is a welcome addition.
https://mailarchive.ietf.org/arch/msg/last-call/WQ220gqFAyqTF5T8iVdFuTcP_l8/ https://github.com/tlswg/sslkeylogfile/pull/28 covers the changes you suggested. On Mon, May 19, 2025, at 22:18, Mohamed Boucadair via Datatracker wrote: > In reference to the first point, I’d like to remind that BCP 195 includes the > following: > > Nevertheless, this > document does not discourage software from implementing NULL > cipher suites, since they can be useful for testing and debugging. I disagree with this; see my response to Jean-Michel, linked above. > Can we mention other guards such as those mentioned in the OPSDIR review > (e.g., > right managements)? There's a mention of that in the security considerations: > Implementations that support logging this data need to ensure that logging > can only be enabled by those who are authorized. (There's more than that, but that's the key sentence, I think.) _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
