Hi all, Just wondering why anyone thinks this armchair lawyering is appropriate to send to this list (not that I disagree with Ruslan here).
Perhaps someone could, I don’t know, act as a chair. ymmv thanks, Rob On Wed, Sep 29, 2021 at 11:31 PM Ruslan N. Marchenko <m...@ruff.mobi> wrote: > Hi Tony, > > First of all EC Resolution is not a legal document, it's a legal > initiative. The resolution is a "call for action" but not an action per se > - there's no legal consequence other than it is possible to bring this > initiative now to european parliament. > Second - any member of any security body, be them management or common > member, should raise similar concerns as Stephen as to why on earth I > should support [unvoluntary, with my taxes] the initiative to degrade the > level of my confidentiality . > > The resolution raised the similar discusision in non-security groups - > such as this > https://www.europarl.europa.eu/doceo/document/P-9-2020-006076_EN.html - > and I would expect IETF to raise such questions in the first place before > even starting technical discussion on the subject - which is raised by > Stephen. > > Although I agree the tone might be tuned to be more inviting for > discussion I personally do no see anything to discuss, such requirement > [visibility to third party] simply cannot be made part of the protocol > which claims to provide confidentiality. It must be separate protocol then > which does not put such claim. > > > Regards, > Ruslan > > Am Mittwoch, dem 29.09.2021 um 18:21 -0400 schrieb Tony Rutkowski: > > Hiya, > > Assuming you live in the EU, your assertion is not accurate. In November > of last year, the European Council adopted a EU wide Resolution on > Encryption. See at > https://data.consilium.europa.eu/doc/document/ST-13084-2020-REV-1/en/pdf > Clause 6 establishes a regulatory framework, and clause 7 calls for the > same kind of development activity being undertaken by the NCCoE - which is > ensuing in multiple venues, including ETSI. > > Worth notice are the use cases discussed at the related workshop last > September in which IETF representatives participated. See > https://www.nccoe.nist.gov/events/virtual-workshop-challenges-compliance-operations-and-security-tls-13 > . > > Perhaps there is another jurisdiction somewhere in the world that might be > absolute in their commitment to extreme IETF TLS 1.3 implementations, > although its existence is not clear. Historically, in the late 80s and > early 90s, the IETF was more helpful in implementing the early TLS > protocols eventually adopted by ISO/CCITT without extreme rhetoric. See at > https://www.nist.gov/publications/secure-data-network-system-sdns-network-transport-and-message-security-protocols > > Inquiring minds might also ask if such a posting to this list is > appropriate for anyone involved in IETF management. > > best, > tony > > > On 28-Sep-21 5:32 PM, Stephen Farrell wrote: > > > Hiya, > > On 28/09/2021 17:53, Salz, Rich wrote: > > This will be of interest to some on this list. Quoting: “The NCCoE > at NIST recognizes the challenges associated with compliance, > operations, and security when enterprises employ encrypted protocols, > in particular Transport Layer Security (TLS) 1.3, in their data > centers. This project will use commercially available technologies to > demonstrate a range of approaches for enabling necessary > intra-enterprise access to unencrypted/decrypted information. > > > I'm glad I'm not a tax payer in a jurisdiction that's > encouraging people to weaken the security properties this > WG has tried hard to improve. I wonder do other parts of > NIST sponsor work like that - it'd be a bit like [1] > producing specs on how to get your thumb on the scales;-) > > From my perspective this kind of thing also makes it harder > to figure out what overall evaluation to associate with the > agency that produced AES, dual-ec, this stuff, and presumably > some PQ alg "winners" in the near future. Quite the mixed > bag that. > > Cheers, > S. > > [1] https://www.nist.gov/pml/weights-and-measures > > > > > More at > > https://www.nccoe.nist.gov/projects/building-blocks/applied-cryptography/addressing-visibility-challenges-tls-13 > including how to participate. > > > _______________________________________________ TLS mailing list > TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
