Hi, I haven't been active on IETF lists in a while but would also like to state my clear intention not to have any feature as such standardized. As has been discussed and pointed out in this thread repeatedly: this *is* already and can always be a (preferably) default disabled implementation specific feature. Any standardization and proliferation of features like these will cause maybe otherwise unintended harm towards unsuspecting end users. It took many in the community years past 2013 to disable, compile-out/redact or otherwise remove many of the previously enormous amount of options some Linux and Unix flavors distributed open source crypto libs or network services for that enabled users to make stupid, unreflected decisions when configuring otherwise standard network services like http or smtp/imap etc.: from RNG inputs to DH params and exponent files. As far as I know on eg. AIX even today OpenSSH still builds in the most peculiar ways. But otherwise on most modern production distributions and end user / development focused operating systems and programming languages this has been ironed out over long discussions, amendments to man pages and a complete Linux kernel RNG redesign. Please let's not do this all over again. it's just another easy entry point for supply chain attacks or might serve as a rationale for vendors like pegasus that their intentions are really ours as long as they are under LI / gov contract no matter what's the end result.
All the best, Aaron Zauner _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
