----- Original Message -----
From: "Pete Resnick" <presn...@qti.qualcomm.com>
To: "Richard Barnes" <r...@ipv.sx>
Sent: Friday, February 20, 2015 8:22 PM

> On 2/20/15 1:43 PM, Richard Barnes wrote:
> >
> > On Fri, Feb 20, 2015 at 2:12 PM, Stephen Farrell
> > <stephen.farr...@cs.tcd.ie> wrote:
> >
> >> The sense of the UTA Working Group was to complete
> >> work on this document about best practices for TLS in
> >> general, and to
> >> initiate work on a separate document about opportunistic TLS.
> >
> > No, I don't believe we've decided that UTA will be the place where
> > we develop a BCP on OS. [...]
> >
> > I'd really really hope we disentangle that discussion from this
> > draft though, so please replace the last sentence with:
> >
> > "The sense of the UTA Working Group was to complete
> > work on this document about best practices for TLS in general, and to
> > for work on a separate BCP document about opportunistic security
> > to be done later."
> >
> > FWIW:
> > - That text is not mine; it has been in since -07.
> > - I would personally be A-OK with UTA working on opportunistic TLS,
> > especially in the sense of providing advice on how to interop with old
> > stuff in ways most likely to result in TLS usage.
> > - It's probably not a great idea to say that in this document
> >
> > How about:
> > "The sense of the UTA Working Group was to complete work on this
> > document about best practices for TLS in general, and to leave
> > recommendations about opportunistic TLS for future work."
>
> Or we could drop mention of the WG entirely:
>
> "This document specifies best practices for TLS in general. A separate
> document with recommendations for the use of TLS with opportunistic
> security is to be completed in the future."

Pete

As you may recall, this is in the charter for UTA. The wording is
slightly different but as you clarified last October

=============================
> From the UTA Charter:
> "- Consider, and possibly define, a standard way for an application
> client and server to use unauthenticated encryption through TLS when
> server and/or client authentication cannot be achieved."

Orit has it exactly correct: What people are now referring to as
"opportunistic TLS" is what the charter refers to as "unauthenticated
encryption through TLS". That was the IESG's intention when the charter
was approved. It is up to the WG whether this document will additionally
discuss the issue of doing authentication in an opportunistic manner. I
think references to the Opportunistic Security draft are perfectly
reasonable.

(And just to be clear: One of the primary reasons that the term
"opportunistic encryption" was not chosen for the title of the O-S
document is because the term "opportunistic encryption" was already used
by RFC 4322 in an incompatible way. Claims that it is "yet to be defined"
are simply mistaken.)
===================================

so it seems to me that the decision now is that the UTA WG will do it in
a separate document (or else will have a revised charter).

Tom Petch

>
> pr
>
> --
> Pete Resnick<http://www.qualcomm.com/~presnick/>
> Qualcomm Technologies, Inc. - +1 (858)651-4478
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta