+1 + include "inappropriate tone" concerning the differing views of
other people and organisations. Perfect forward secrecy for all e2e
communication irrespective of the consequences is not a view held by
everyone. The IETF was once a more inclusive and tolerant body.
-t
On 30-Sep-21 2:41 AM, Rob Sayre wrote:
Hi all,
Just wondering why anyone thinks this armchair lawyering is
appropriate to send to this list (not that I disagree with Ruslan here).
Perhaps someone could, I don’t know, act as a chair. ymmv
thanks,
Rob
On Wed, Sep 29, 2021 at 11:31 PM Ruslan N. Marchenko <[email protected]> wrote:
Hi Tony,
First of all, the EC Resolution is not a legal document, it's a legal
initiative. The resolution is a "call for action" but not an
action per se - there's no legal consequence other than it is
possible to bring this initiative now to the European Parliament.
Second - any member of any security body, be they management or
common member, should raise similar concerns as Stephen as to why
on earth I should support [involuntarily, with my taxes] the
initiative to degrade the level of my confidentiality.
The resolution raised a similar discussion in non-security
groups - such as this
https://www.europarl.europa.eu/doceo/document/P-9-2020-006076_EN.html -
and I would expect IETF to raise such questions in the first place
before even starting technical discussion on the subject - which
is raised by Stephen.
Although I agree the tone might be tuned to be more inviting for
discussion, I personally do not see anything to discuss; such a
requirement [visibility to third party] simply cannot be made part
of the protocol which claims to provide confidentiality. It must
be a separate protocol then which does not make such a claim.
Regards,
Ruslan
On Wednesday, 29.09.2021 at 18:21 -0400, Tony Rutkowski wrote:
Hiya,
Assuming you live in the EU, your assertion is not accurate. In
November of last year, the European Council adopted an EU-wide
Resolution on Encryption. See at
https://data.consilium.europa.eu/doc/document/ST-13084-2020-REV-1/en/pdf
Clause 6 establishes a regulatory framework, and clause 7 calls
for the same kind of development activity being undertaken by the
NCCoE - which is ensuing in multiple venues, including ETSI.
Worth notice are the use cases discussed at the related workshop
last September in which IETF representatives participated.
See https://www.nccoe.nist.gov/events/virtual-workshop-challenges-compliance-operations-and-security-tls-13.
Perhaps there is another jurisdiction somewhere in the world that
might be absolute in their commitment to extreme IETF TLS 1.3
implementations, although its existence is not clear.
Historically, in the late 80s and early 90s, the IETF was more
helpful in implementing the early TLS protocols eventually
adopted by ISO/CCITT without extreme rhetoric. See
at https://www.nist.gov/publications/secure-data-network-system-sdns-network-transport-and-message-security-protocols
Inquiring minds might also ask if such a posting to this list is
appropriate for anyone involved in IETF management.
best,
tony
On 28-Sep-21 5:32 PM, Stephen Farrell wrote:
Hiya,
On 28/09/2021 17:53, Salz, Rich wrote:
This will be of interest to some on this list. Quoting: “The NCCoE
at NIST recognizes the challenges associated with compliance,
operations, and security when enterprises employ encrypted protocols,
in particular Transport Layer Security (TLS) 1.3, in their data
centers. This project will use commercially available technologies to
demonstrate a range of approaches for enabling necessary
intra-enterprise access to unencrypted/decrypted information.”
I'm glad I'm not a tax payer in a jurisdiction that's
encouraging people to weaken the security properties this
WG has tried hard to improve. I wonder do other parts of
NIST sponsor work like that - it'd be a bit like [1]
producing specs on how to get your thumb on the scales;-)
From my perspective this kind of thing also makes it harder
to figure out what overall evaluation to associate with the
agency that produced AES, dual-ec, this stuff, and presumably
some PQ alg "winners" in the near future. Quite the mixed
bag that.
Cheers,
S.
[1] https://www.nist.gov/pml/weights-and-measures
More at
https://www.nccoe.nist.gov/projects/building-blocks/applied-cryptography/addressing-visibility-challenges-tls-13
including how to participate.
_______________________________________________ TLS mailing
list [email protected] https://www.ietf.org/mailman/listinfo/tls