Jacob Appelbaum <ja...@appelbaum.net> writes:

>On 12/4/15, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>> Jacob Appelbaum <ja...@appelbaum.net> writes:
>>>TCP/IP and DNS are out of scope, though obviously related.
>> Why are they out of scope?
>
>They are out of scope for the TLS working group as far as I understand the
>organization of the IETF in terms of mandate. Am I incorrect?

They're out of scope in that TLS can't impose behaviour on DNS, but they're not out of scope when it comes to considering what impact DNS has on TLS. For example the whole reason why TLS has certificates is because the TLS (well, SSL then) folks realised that DNS wasn't secure, and that TLS had to deal with that issue. Otherwise, the SSL folks could have just said that DNS issues are out of scope, and we'll wait for DNSSEC to appear at some point and fix things (this is speaking from a 1995 time frame).

>Or they could just call MinimaLT or CurveCP with mandatory Elligator TLS 1.3
>and be done with it.

That would probably be an easier process than the current one, provided you're ready to commit completely to the Bernstein monoculture.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls