All, We had a great turnout tonight for the encrypted SNI hangout session. Everyone seemed open and willing to work together to understand the complexities that sit before us. Several interesting and important views were expressed, and I feel that the meeting was ultimately a success. In fact, I believe we should do more hangout sessions like this.
Take aways from the meeting: 1) We are starting to understand the problem that we are trying to solve 2) We need to ensure that any potential solution will in fact solve the problems as we understand it and not make the problem worse 3) We need to compile a list of use cases and scenarios in a draft document that talk about how the SNI (for good or for bad) is being used today and what an encrypted SNI will mean for these use cases. 4) We need to make sure we get feedback and information from at least the telco sector, large enterprise, financial sector, and the health care sector. I believe this information will help us better understand both sides of the issue, shed light in to what it will mean, help us define the "why" we are doing this, and ultimately feed and foster a better technological solution. If you have or know of scenarios or use-cases where the SNI is being used by network operators, system administrators, security engineers, products, etc, please send them to me so I can start compiling them in to a draft document. Side question, it feels like this effort could represent a lot of work and require a lot of dedicated cycles. Does it make sense to continue this effort inside of the TLS WG? If it does, will the WG give us the time, mindshare, and cycles to focus on it (just asking the hard question)? Once again, thanks all for attending the session tonight. Bret -- Sent from my TI-99/4A PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
