On 2020-09-02 11:05 a.m., Joe Clarke (jclarke) wrote:
> Hello, opsawg. This draft has undergone a number of revisions based on reviews
> and presentations at the last few IETF meetings. The authors feel they have
> addressed the issues and concerns from the WG in their latest posted -05
> revision. As a reminder, this document describes how to use (D)TLS profile
> parameters with MUD to expose potential unauthorized software or malware on an
> endpoint.
>
> To that end, this serves as a two-week call for adoption for this work. Please
> reply with your support and/or comments by September 16, 2020.

I have read the document in a number of different revisions, and I
support adoption.

I have been concerned that this document codifies a kind of TLS snooping
by middle boxes which has in the past caused significant harm to
development of TLS. (In particular, TLS version negotiation has had to
evade existing middle box policies!)

However, this document seems to walk the fine line between causing
protocol ossification and providing real security. To the extent that
it reduces the pressure by enterprises to invade the TLS encryption
envelope through use of Enterprise certificates [is there a term for the
activity described in section 4.1? I wish there was] this document is a
very useful thing.

I would like to suggest that, upon adoption, this document go
through a TLS WG review of some sort before OPSAWG does a WGLC.