Re: [IAB] IAB report to the community for IETF 103

Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> · Sun, 18 Nov 2018 22:50:37 -0500



    Would it be appropriate for IETF to issue an RFC that states that
      despite the similarity in names, use of such variants of TLS MUST
      NOT be used to claim compliance with IETF specifications requiring
      TLS, and generally warning the IETF community of deliberate
      efforts to weaken application security?

      
      It seems like these efforts deserve wider public exposure.
    Keith

    
    On 11/12/18 5:07 AM, Ted Hardie wrote:

    
        On Sun, Nov 11, 2018 at 6:57 PM S Moonesamy <sm+ietf@xxxxxxxxxxxx> wrote:

          
              ETSI TS 103 523-3 V1.1.1 specifies some changes to RFC
              8446.  Does 

              the IAB have an opinion on its potential impact on the
              Internet trust 

              model and the risk of fragmentation if multiple
              jurisdictions 

              required it through regulation?

              
            The IETF security ADs provided
                feedback to ETSI on this ETSI work last year and
              ETSI responded in liaison statement CYBER(17)011006r1. 
              The IAB generally agreed with the IETF security Area
              Directors' analysis. 
            

            regards,
            

            Ted Hardie