On 7/17/17 1:23 AM, Daniel Kahn Gillmor wrote: > Could you point me (and the list) to those requirements, please? More > specificity than "some countries" would be a useful contribution to this > discussion.
At the time when I was working on VoIP there were a few countries, such as South Africa, which required that any media streams collected as a result of a wiretap order be handed over in the clear. But this was 20 years ago and things may or may not have changed. That said, I expect their requirements can be met by having operators in those countries stick with TLS 1.2. There are things that would surprise me more right now than having proponents of weakening TLS 1.3 come back with a list of countries. Such as, for example, having representatives from service providers in those countries show up with requirements - that would surprise me, given that they haven't yet and that getting TLS 1.3 done has been a lengthy effort. At this point the request to add the static D-H proposal to TLS 1.3 strikes me as unreasonable, even given what are frankly vague references to countries requiring that data be decrypted before being handed off to law enforcement or the government. Melinda _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
