On 9/28/16 at 4:27 PM, melinda.sh...@nomountain.net (Melinda
Shore) wrote:
> That said, IETF participation is dominated by large equipment and
> software vendors and the problem space, at least until recently
> (there's been a crop of data center-related problems coming up in
> OPS and routing), has tended to cover service provider-related
> questions. We have poor participation and representation from
> enterprise networks. So now we've got someone showing up from
> the enterprise space and saying "I have this problem related to
> protocol changes." And yeah, he's very, very late in this
> process, although it's worth pointing out that it's in the best
> tradition of the IETF to deal with technical problems that crop
> up with documents at any point in their development.

While I fully support trying to design protocols so applications
and networks can be managed by enterprises (and indeed home
users), I do not want to see IETF security protocols become more
complex as a result. That will only make them easy targets for
attackers. The Clipper chip shows what happens when even experts
design key recovery systems.

I hope one outcome of this thread is that industry groups which
use IETF protocols will realize that the best way to have their
needs recognized is to be active in the relevant groups from the
beginning and for the long term. I know of no other way to make
the proper tradeoffs except to have all the issues in front of
the working group from the beginning of their process. That
involvement will strengthen the IETF while making sure
enterprise issues are addressed.

Even as late comers to the process, BITS Security has gotten a
number of suggestions for ways forward which do not change the
emerging TLS 1.3 standard. Given that it will be several years
before regulators require TLS 1.3, vendors will be able to step
forward to fill this need with endpoint logging as well as other
techniques embedded in "install and run" products. Given the
list of companies that Tony linked, these products should enjoy
a profitable market.

Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz        | Concurrency is hard. 12 out  | Periwinkle
(408)356-8506      | 10 programmers get it wrong. | 16345 Englewood Ave
www.pwpconsult.com | - Jeff Frantz                | Los Gatos, CA 95032
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls