Matt,

This document is extremely well written and describes the needs of enterprises well, IMHO. I believe, and have heard, that there are similar needs beyond the enterprise realm, but since we are the only ones formally expressing concerns, so be it.
The detail on the implementation, as well as the details on why other alternative solutions are not viable/sufficient, is very good and will help focus any related conversations. I very much hope this can be on the agenda at IETF 99. Thanks for your very productive efforts on this.

Mike

From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Matthew Green
Sent: Friday, July 7, 2017 3:03 AM
To: tls@ietf.org
Subject: [TLS] draft-green-tls-static-dh-in-tls13-01

The need for enterprise datacenters to access TLS 1.3 plaintext for security and operational requirements has been under discussion since shortly before the Seoul IETF meeting. This draft provides current thinking about the way to facilitate plaintext access based on the use of static (EC)DH keys on the servers. These keys have a lifetime; they get replaced on a regular schedule. A key manager in the datacenter generates and distributes these keys. The Asymmetric Key Package [RFC5958] format is used to transfer and load the keys wherever they are authorized for use.

We have asked for a few minutes to talk about this draft in the TLS WG session at the upcoming Prague IETF. Please take a look so we can have a productive discussion. Of course, we're eager to start that discussion on the mail list in advance of the meeting.

The draft can be found here: https://tools.ietf.org/html/draft-green-tls-static-dh-in-tls13-01

Thanks for your attention,
Matt, Ralph, Paul, Steve, and Russ

The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies.
Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
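The mechanism Matt's message describes, worked through as an added example (this is not code from the draft, from its authors, or from anyone on this thread): the server answers the ClientHello with a static X25519 public value issued by a key manager, the client still uses a fresh ephemeral, and a passive monitor that holds the static private key derives the same TLS 1.3 Handshake Secret from nothing more than the two key_share values it sees on the wire. X25519 follows RFC 7748 and the key schedule follows RFC 8446 section 7.1 (SHA-256 suite, no PSK). The `KeyManager` class, its epoch-seconds validity window, the in-process hand-off of the key to the monitor, and the timestamps in `demo()` are all assumptions made for this example; the draft's RFC 5958 Asymmetric Key Package format is not modelled.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

P = 2**255 - 19  # RFC 7748 field prime for X25519
A24 = 121665
BASE = (9).to_bytes(32, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (branchy swap: illustration, not production)."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf_expand_label(secret: bytes, label: bytes, ctx: bytes, n: int) -> bytes:
    """RFC 8446 section 7.1: HKDF-Expand with the HkdfLabel structure as info."""
    full = b"tls13 " + label
    info = n.to_bytes(2, "big") + bytes([len(full)]) + full + bytes([len(ctx)]) + ctx
    out, block, i = b"", b"", 1
    while len(out) < n:
        block = hmac.new(secret, block + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + block, i + 1
    return out[:n]

def handshake_secret(ecdhe: bytes) -> bytes:
    """Early Secret -> Derived -> Handshake Secret (no PSK, SHA-256 suite)."""
    early = hmac.new(bytes(32), bytes(32), hashlib.sha256).digest()
    derived = hkdf_expand_label(early, b"derived", hashlib.sha256(b"").digest(), 32)
    return hmac.new(derived, ecdhe, hashlib.sha256).digest()

@dataclass(frozen=True)
class StaticKey:
    private: bytes
    public: bytes
    not_before: int  # lifetime as an epoch-seconds window (assumed representation)
    not_after: int

class KeyManager:
    """Assumed key manager: issues static keys on a schedule (RFC 5958 not modelled)."""
    def __init__(self, lifetime_s: int):
        self.lifetime_s, self.keys = lifetime_s, []

    def rotate(self, now: int) -> StaticKey:
        priv = secrets.token_bytes(32)
        key = StaticKey(priv, x25519(priv, BASE), now, now + self.lifetime_s)
        self.keys.append(key)
        return key

    def find(self, server_share: bytes, when: int):
        # Match the server key_share seen on the wire, only inside its lifetime.
        for k in self.keys:
            if k.public == server_share and k.not_before <= when < k.not_after:
                return k
        return None

def monitor_recover(km: KeyManager, client_share: bytes, server_share: bytes, when: int):
    """Passive observer: two captured key_share values plus the static private key."""
    key = km.find(server_share, when)
    return None if key is None else handshake_secret(x25519(key.private, client_share))

def demo(lifetime_s: int = 3600) -> dict:
    t0 = 1_500_000_000  # constructed capture timestamp
    km = KeyManager(lifetime_s)
    key = km.rotate(now=t0)
    eph = secrets.token_bytes(32)  # the client still uses a fresh ephemeral
    cshare = x25519(eph, BASE)
    # The server sends key.public as its key_share instead of a fresh value.
    client_hs = handshake_secret(x25519(eph, key.public))
    server_hs = handshake_secret(x25519(key.private, cshare))
    recovered = monitor_recover(km, cshare, key.public, when=t0 + 100)
    late = monitor_recover(km, cshare, key.public, when=t0 + lifetime_s)
    nxt = km.rotate(now=t0 + lifetime_s)
    return {
        "endpoints_agree": client_hs == server_hs,
        "monitor_recovers": recovered == client_hs,
        "expired_key_refused": late is None,
        "rotation_changes_secret": handshake_secret(x25519(nxt.private, cshare)) != client_hs,
    }
```

Running `demo()` returns four booleans, all expected to be true: both endpoints agree, the monitor reaches the same Handshake Secret, a capture timestamped outside the key's window is refused, and a session under the next scheduled key yields a different secret. Going from the Handshake Secret to traffic keys additionally needs the transcript hash of ClientHello and ServerHello, which a passive monitor also sees; it is omitted here to keep the example to the part the static key changes. The ladder uses a data-dependent swap and is not constant-time, which does not matter for a demonstration but rules it out for anything handling real keys.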