|
RMS said: "How should an SDO respond? I'm not sure. I'm only sure that I don't like getting DoSed, either into dropping a standard or into not implementing it for fear of infringing." [BA] A bit of history. While this draft generalizes the notion of a TLS key material exporters, the concept is basic to key derivation within TLS, as well as within applications depending on TLS. As an example, DTLS/SRTP as well as TLS-based EAP methods (including EAP-TLS, PEAP, EAP-TTLSv0, EAP-FAST, etc.) utilize TLS key material export. So if we only have the option of "dropping the standard" or "not implementing it" then we are left with an unpleasant choice indeed. [RMS] "It is better to have no standard than have a standard that invites people into danger." Outstanding! Some corollaries: It is better to sleep in the outdoors than to live in a house that could fall down in an earthquake. It is better to starve than to eat food that could make you sick. It is better to walk with bare feet than to wear shoes that could cause blisters. It is better to ride a horse than to drive a car that could crash. It is better to be wear a blindfold than to watch a movie that could turn out to be unpleasant. |
_______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf