ietf
[Top] [All Lists]

Re: WG Review: CURves, Deprecating and a Little more Encryption (curdle)

2015-12-09 05:11:06


On 09/12/15 10:43, tom p. wrote:

----- Original Message -----
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
To: "Harald Alvestrand" <harald(_at_)alvestrand(_dot_)no>; 
<ietf(_at_)ietf(_dot_)org>
Sent: Monday, December 07, 2015 11:30 AM

Hiya,

On 07/12/15 11:23, Harald Alvestrand wrote:
I think there's a piece of backstory here I'm not getting....

Den 04. des. 2015 18:05, skrev The IESG:
The protocols in scope are Secure Shell (SSH), DNSSEC, PKIX, CMS,
XML
Digital Signatures and potentially Kerberos and JSON.

Why is TLS not included?

It seems likely that the answer is one of:

1) TLS is already up-to-date in the space this group is limited to
2) TLS work is being done in the TLS working group

The latter, and a bit of the former:-)

There is also an active SSH list (albeit only about 5 message p.d.
lately which would barely be noticed on the TLS list:-(  and Simon has
posted a message to the curdle list identifying some of that work; and
you yourself have posted to it so you know about it!

Conversely, I do not see most of those active on the SSH yet taking part
in curdle (nor do I see any mention of curdle on the SSH list).

Good point. I'll do that now.


Setting up this WG to look at SSH would seem divisive and unlikely to
gain any meaningful momentum.

I don't get what you mean. AFAIK, there's no current proposal to
re-form an SSH working group. There is some chat on the list along
those lines but I didn't interpret that as indicating that folks
want to do a new WG. (If they did, I'd be happy to assist in
getting that done.)


I do think that the Security Area should be reaching out far more to
other areas to pro-actively provide guidance but do not think that this
proposal has got it quite right.

Again, I'm not sure what you mean, can you clarify?

Ta,
S.


Tom Petch


In both cases, it would be nice to say so in the charter.

The charter text tries to do that generically but does mention
TLS specifically in this bit:

  "Where there is an IETF working group or area group with expertise
in
   a relevant topic the CURDLE working group will defer to the
   consensus of the more specific working group as to where work will
   be done. For example, the TLS, OpenPGP and IPSECME WGs are actively
   considering some of these topics. "

Cheers,
S.