On 12/03/2024 22:06, Eric Rescorla wrote:
I don't think we should make statements about regulatory requirements in this kind of specification. That's not our lane.
I'd weakly disagree about making statements such as suggested, while agreeing with "not out lane." I don't think the text I suggested crosses that line, but it's fine if others disagree of course. I'd also be ok if we only stated that emitting these logs in production systems means not deploying state of the art security and letting the rest of the world connect the dots. Cheers, S. PS: to be clear, I'm not objecting to progression if my suggestion isn't adopted.
OpenPGP_0xE4D8E9F997A833DD.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
