Hiya,
Assuming you live in the EU, your assertion is not accurate. In
November of last year, the European Council adopted a EU wide Resolution
on Encryption. See at
https://data.consilium.europa.eu/doc/document/ST-13084-2020-REV-1/en/pdf
Clause 6 establishes a regulatory framework, and clause 7 calls for the
same kind of development activity being undertaken by the NCCoE - which
is ensuing in multiple venues, including ETSI.
Worth notice are the use cases discussed at the related workshop last
September in which IETF representatives participated. See
https://www.nccoe.nist.gov/events/virtual-workshop-challenges-compliance-operations-and-security-tls-13.
Perhaps there is another jurisdiction somewhere in the world that might
be absolute in their commitment to extreme IETF TLS 1.3 implementations,
although its existence is not clear. Historically, in the late 80s and
early 90s, the IETF was more helpful in implementing the early TLS
protocols eventually adopted by ISO/CCITT without extreme rhetoric. See
at
https://www.nist.gov/publications/secure-data-network-system-sdns-network-transport-and-message-security-protocols
Inquiring minds might also ask if such a posting to this list is
appropriate for anyone involved in IETF management.
best,
tony
On 28-Sep-21 5:32 PM, Stephen Farrell wrote:
Hiya,
On 28/09/2021 17:53, Salz, Rich wrote:
This will be of interest to some on this list. Quoting: “The NCCoE
at NIST recognizes the challenges associated with compliance,
operations, and security when enterprises employ encrypted protocols,
in particular Transport Layer Security (TLS) 1.3, in their data
centers. This project will use commercially available technologies to
demonstrate a range of approaches for enabling necessary
intra-enterprise access to unencrypted/decrypted information.
I'm glad I'm not a tax payer in a jurisdiction that's
encouraging people to weaken the security properties this
WG has tried hard to improve. I wonder do other parts of
NIST sponsor work like that - it'd be a bit like [1]
producing specs on how to get your thumb on the scales;-)
From my perspective this kind of thing also makes it harder
to figure out what overall evaluation to associate with the
agency that produced AES, dual-ec, this stuff, and presumably
some PQ alg "winners" in the near future. Quite the mixed
bag that.
Cheers,
S.
[1] https://www.nist.gov/pml/weights-and-measures
More at
https://www.nccoe.nist.gov/projects/building-blocks/applied-cryptography/addressing-visibility-challenges-tls-13
including how to participate.
_______________________________________________ TLS mailing list
TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
