Hiya, On 07/11/17 02:48, Flemming Andreasen wrote: >> > We didn't draw any particular line, but the use case scenarios that we > tried to highlight are those related to overall security and regulatory > requirements (including public sector)
I had a quick look at the draft (will try read properly en-route to ietf-100) and I followed the reference to [1] but that only lead to a forest of documents in which I didn't find any reference to breaking TLS so far at least. Can you provide an explicit pointer to the exact document on which that claim is based? I'd also claim that your reference to PCI-DSS is misleading, as that same spec also explicitly calls for there to be good key management specifically including minimising the number of copies of keys, so at most, one might be able to claim that PCI-DSS is ok with people who break TLS in a nod-and-a-wink manner. But if you do have a real quote from PCI-DSS that calls for breaking TLS then please do also send that (it's been asked for a bunch of times without any answer being provided so far). Thanks, S. [1] https://tools.ietf.org/html/draft-camwinget-tls-use-cases-00.html#ref-NERCCIP
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
