The current editor's copy of the keylogfile draft says:

> New assignments in the "SSLKEYLOGFILE Labels" registry 
> will be administered by IANA through IETF Review procedure [RFC8126].

I want to ask if we think that this is the right choice.  Generally, we've 
learned to pick more open registration policies in this working group.

My inclination is to suggest that we pick Specification Required, with a 
recommendation to experts to reject registrations if the secret can be used to 
derive other secrets.  For instance, we don't define a label for the resumption 
secret or any of the secrets that form the main trunk of the key schedule.

I think that's the main reason you would push for IETF Review.  I suggest we 
codify it, while making the registration more permissive.  And we can always 
override any rule in an IETF consensus RFC if we really need to (though we 
should not).

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
