Reply LS from ETSI TC CYBER to IETF Security area directors regarding “enterprise TLS”
From Contact: Sonia Compans
The IETF Chair
Liaisons referred by this one: Statement from the IETF SEC Area Directors regarding "enterprise TLS"
ETSI TC CYBER thanks the IETF Security Area Directors for their LS regarding “enterprise TLS,” and expresses its interest in working with the IETF to resolve any perceived concerns in implementing variants of Transport Layer Security protocols in order to meet the needs of all parties.
ETSI’s present TLS protocol activities are part of extensive standards developments among multiple bodies over many years and include specifications at link, network, transport, and application layers. This work has resulted in concepts and terms associated with Transport Layer Security protocols and TLS which have been in the public domain and generic for over three decades. ETSI’s involvement has encompassed both its own native work, as well as collaboration with other standards bodies.
TC CYBER’s present work on the Middlebox Security Protocol TLS implementations stems from meeting the needs which our members bring to the Technical Committee and began with developing Middlebox Security Protocol use cases. Those use cases included a variety of implementation variants of TLS, with security and privacy analysis and safeguards. The extensive list of use cases is found in MSP Part 1 which will be published in the near future. One of the use cases includes enterprises running their own networks and services whilst meeting their obligations such as audit requirements of financial institutions, preventing malware placement, and detecting unlawful customer data exfiltration.
TC CYBER realizes that such enterprise use cases may differ from IETF’s focus on perfecting a Transport Layer Security protocol for end-to-end traffic invisibility. These invisibility objectives may be suitable for many open network use cases that the IETF is addressing. However, a number of industry use cases exist that require other TLS implementations which were recognized at IETF and ETSI meetings.
The actions of TC CYBER are similar to those of other standards bodies which have recently taken similar steps to develop diverse alternative TLS standards for necessary use cases in the marketplace. TC CYBER has discussed the name of Part 3, currently known as “eTLS”, and, to avoid any confusion, agreed to rename Part 3 “Enterprise Transport Security (ETS)”. This change will be applied to the next public version. TC CYBER also intends to register a “well-known” URI namespace pursuant to IETF RFCs.