Hi Thom,

On 10.07.25 12:40, Thom Wiggers wrote:
> Though I think that you raise some decent points about certain types of content that document authors / the TLS community should include in drafts (I have certainly complained about unclear threat models and security goals in drafts) I don’t think that a separate “FATT Considerations” is the right way to approach this. Instead, many of these points should just be part of the main body and/or security considerations sections of relevant drafts. I think putting them in a “FATT” section both makes them an afterthought, and I think that such content is actually very relevant to a general audience, not just the FATT, as e.g. security goals are very relevant to anyone who might want to implement a certain extension (as I consider security goals as essentially another type of functionality that an extension may provide).

I am not specifically insisting on having a separate section. In fact, my original proposal (before publishing) was to have it inline in drafts without a separate section. A separate section proposal was based on the feedback I got.

> If we want to develop more guidance for document authors such that “have you thought about writing this down” covers these things, we could maybe consider developing something like https://datatracker.ietf.org/doc/draft-irtf-cfrg-cryptography-specification/ for TLS (or, less formally, put some suggestions on the IETF wiki).

Thank you for mentioning this. It seems helpful. I will check it out and get back to you.
