RMS said:
"How should an SDO respond? I'm not sure. I'm only sure that I don't like
getting DoSed, either into dropping a standard or into
not implementing it for fear of infringing."
[BA] A bit of history. While this draft generalizes the notion of a TLS key
material exporters, the concept is basic to key derivation within TLS, as well
as within applications depending on TLS. As an example, DTLS/SRTP as well as
TLS-based EAP methods (including EAP-TLS, PEAP, EAP-TTLSv0, EAP-FAST, etc.)
utilize TLS key material export. So if we only have the option of "dropping
the standard" or "not implementing it" then we are left with an unpleasant
choice indeed.
[RMS] "It is better to have no standard than have a standard that invites
people into danger."
Outstanding! Some corollaries:
It is better to sleep in the outdoors than to live in a house that could fall
down in an earthquake.
It is better to starve than to eat food that could make you sick.
It is better to walk with bare feet than to wear shoes that could cause
blisters.
It is better to ride a horse than to drive a car that could crash.
It is better to be wear a blindfold than to watch a movie that could turn out
to be unpleasant.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf