On Tue, Mar 12, 2024 at 4:04 PM Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
>
> I'll argue just a little more then shut up...
>
> On 12/03/2024 22:55, Martin Thomson wrote:
> >
> >> Sorry also for a late suggestion, but how'd we feel about adding
> >> some text like this to 1.1?
> >>
> >> "An implementation, esp. a server, emitting a log file such as this
> >> in a production environment where the TLS clients are unaware that
> >> logging is happening, could fall afoul of regulatory requirements
> >> to protect client data using state-of-the-art mechanisms."
> >
> > I agree with Ekr. That risk is not appreciably changed by the
> > existence of a definition for a file format.
> I totally do consider our documenting this format increases
> the risk that production systems have such logging enabled,
> despite our saying "MUST NOT." So if there's a way to further
> disincentivise doing that, by even obliquely referring to
> potential negative consequences of doing so, then I'd be for
> doing that.

Aside from this particular case, I don't think technical specifications
should "obliquely" refer to things. Technical specifications should be
clear.

-Ekr

> Hence my suggestion.
>
> S.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>