> > Having said this, I could imagine that a "MUST" for TLS for the ALTO
> > base protocol spec could avoid IESG pushback from the security area.
> > If so, I think a statement similar to IPFIX would be useful.
>
> This isn't a topic to avoid IESG pushback, it is rather a
> topic of having a protocol that allows secured deployments
> across an untrusted network. And it should be up to the
> operator of the server to decide how much security is needed.
>
> This is currently reflected in the draft (-14).

For what it is worth, the exact phrasing in -14 confuses me: "An ALTO Server MUST support SSL/TLS [RFC5246] to implement server and/or client authentication, encryption, and/or integrity protection." I could read this in a way that the ALTO server MUST announce all services on HTTPS URIs, and this is certainly not what we want. (And, having "and/or" in a MUST statement might not be perfect.)

If the consensus is the MUST, I'd at least prefer Sebastian's wording: "Any ALTO implementation MUST support SSL/TLS [RFC5246]".

Michael
