Separately from the question of whether to issue an RFC, we do intend to provide a liaison statement regarding this matter. -Ben On Sun, Nov 18, 2018 at 10:50:37PM -0500, Keith Moore wrote: > Would it be appropriate for IETF to issue an RFC that states that > despite the similarity in names, use of such variants of TLS MUST NOT be > used to claim compliance with IETF specifications requiring TLS, and > generally warning the IETF community of deliberate efforts to weaken > application security? > > It seems like these efforts deserve wider public exposure. > > Keith > > On 11/12/18 5:07 AM, Ted Hardie wrote: > > On Sun, Nov 11, 2018 at 6:57 PM S Moonesamy <sm+ietf@xxxxxxxxxxxx > > <mailto:sm%2Bietf@xxxxxxxxxxxx>> wrote: > > > > > > ETSI TS 103 523-3 V1.1.1 specifies some changes to RFC 8446. Does > > the IAB have an opinion on its potential impact on the Internet trust > > model and the risk of fragmentation if multiple jurisdictions > > required it through regulation? > > > > > > The IETF security ADs provided feedback to ETSI > > <https://datatracker.ietf.org/liaison/1538/> on this ETSI work last > > year and ETSI responded in liaison statement CYBER(17)011006r1. The > > IAB generally agreed with the IETF security Area Directors' analysis. > > > > regards, > > > > Ted Hardie
