Colleagues. There is a question over whether the results of Adam Langley's work on anomalous bahaviour in common TLS stack implementations is in or out of scope for the WPKOPS activity, and whether the draft charter properly reflects the answer to that question. There have been no objections that I am aware of to including the work. It merely remains to ensure that the charter makes it clear.
I propose adding the following statement to the list of example problems: "Finally, varying interpretations of the protocol specifications and implementation errors result in interoperability failures and introduce security vulnerabilities in the TLS stack." Do people think this is sufficient, or is a more radical rewrite called for in which the emphasis is on TLS and its supporting infrastructure? All the best. Tim. _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
