Hi Ekr, Sorry for using wrong terminology. I changed subject accordingly.
On 13.09.25 16:37, Eric Rescorla wrote:
I thought this specific step has already been done. Is there something more to it than [1]? I see 3 Yes and no objection. There was no blocking comment either. Everything seemed going well to me.The way this works is that IESG will ballot on a draft charter
I'm not sure if that's true or not. I'd have to see some actual substantive text in a draft, not a mailing list thread. What I've seen so far in drafts seems insufficient.
Sure, we'll update the draft. But the way I view it is like this: security goals => formal analysis => security considerationsSo one of the aims of the thread was to ask if someone could think of any other security goal in the mean time, and definitely not to say that the security consideration section is ready for review.
We are not yet there for any draft in TLS but I do believe that reviewing analysis artifacts as mentioned in [2] is quite an extensive work for these experts. Whereas lightweight review of a summary page every four months and saying that "the overall direction is correct" or "we rather recommend doing this or trying that" seemed like much easier and distributed over time to me.I don't think this is a good idea. The reason for a TLS FATT is that TLS is regularly producing new drafts and needs some streamlined way to ask for input without bogging analysis experts down in the more mundane work of TLS WG.
I am not aware of how exactly it was done, or what exactly that would mean in our case.That's not the situation here, and a much better model is what we had in TLS 1.3 where analysis experts worked hand-in-hand with less academically inclined members of the WG to develop the protocol.
Usama [1] https://datatracker.ietf.org/doc/charter-ietf-seal/ballot/[2] https://github.com/tlswg/tls-fatt?tab=readme-ov-file#working-group-last-call-wglc
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
