On 2/21/15 4:50 AM, t.p. wrote:
----- Original Message -----
From: "Pete Resnick" <presn...@qti.qualcomm.com>
To: "Richard Barnes" <r...@ipv.sx>
Sent: Friday, February 20, 2015 8:22 PM
On 2/20/15 1:43 PM, Richard Barnes wrote:
On Fri, Feb 20, 2015 at 2:12 PM, Stephen Farrell
<stephen.farr...@cs.tcd.ie> wrote:
The sense of the UTA Working Group was to complete
work on this document about best practices for TLS in
general, and to initiate work on a separate document
about opportunistic TLS.
No, I don't believe we've decided that UTA will be the place where
we develop a BCP on OS. [...]
How about: "The sense of the UTA Working Group was to complete work
on this document about best practices for TLS in general, and to
leave recommendations about opportunistic TLS for future work."
Or we could drop mention of the WG entirely:
"This document specifies best practices for TLS in general. A separate
document with recommendations for the use of TLS with opportunistic
security is to be completed in the future."
Pete
As you may recall, this is in the charter for UTA. The wording is
slightly different but as you clarified last October
=============================
From the UTA Charter:
"- Consider, and possibly define, a standard way for an application
client and server to use unauthenticated encryption through TLS when
server and/or client authentication cannot be achieved."
Orit has it exactly correct: What people are now referring to as
"opportunistic TLS" is what the charter refers to as "unauthenticated
encryption through TLS". That was the IESG's intention when the charter
was approved.
It is up to the WG whether this document will additionally discuss the
issue of doing authentication in an opportunistic manner.
I think references to the Opportunistic Security draft are perfectly
reasonable.
(And just to be clear: One of the primary reasons that the term
"opportunistic encryption" was not chosen for the title of the O-S
document is because the term "opportunistic encryption" was already used
by RFC 4322 in an incompatible way. Claims that it is "yet to be
defined" are simply mistaken.)
===================================
so it seems to me that the decision now is that the UTA WG will do it in
a separate document (or else will have a revised charter).
I read the -09 text as saying, "The WG considered this, but decided that
there will be a separate document." There is nothing in the charter that
says how many documents to work on, and Stephen and Richard wanted to
make it clear that the WG hasn't decided what (if anything) it wants to
say about OS. So we made the text softer on this point. I don't think
there's anything inconsistent with what I said before. I don't see the
circumstance in which a revised charter will be needed.
pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478