Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Using TLS in Applications
charter-ietf-uta-01

Yes

(Barry Leiba)

(Jari Arkko)

(Pete Resnick)

(Richard Barnes)

(Sean Turner)

(Stephen Farrell)

(Ted Lemon)

No Objection

(Adrian Farrel)

(Benoît Claise)

(Brian Haberman)

(Gonzalo Camarillo)

(Joel Jaeggli)

(Martin Stiemerling)

(Spencer Dawkins)

(Stewart Bryant)

Ballots:

Note: This ballot was opened for revision 00-00 and is now closed.

Ballot question: "Is this charter ready for external review?"

Barry Leiba Former IESG member

Yes

Yes (2013-11-16 for -00-01) Unknown

Note that there's a storm in httpbis as they discuss doing this with HTTP 2.0.  This charter is looking at best practices for HTTP 1.1, *not* for anything related to 2.0.

Jari Arkko Former IESG member

Yes

Yes (2013-11-21 for -00-02) Unknown

YES

Pete Resnick Former IESG member

Yes

Yes (2013-11-20 for -00-02) Unknown

- I'd really like the charter to explicitly call out server-to-server unauthenticated encryption as a work item.

- I'm bummed that the unauthenticated client-to-server item was softened to "consider", and would like to understand why that is necessary.

Richard Barnes Former IESG member

Yes

Yes (for -00-02) Unknown

Sean Turner Former IESG member

Yes

Yes (for -00-02) Unknown

Stephen Farrell Former IESG member

Yes

Yes (2013-11-17 for -00-02) Unknown

Yes I said yes as a Mrs. Bloom once said:-)

Ted Lemon Former IESG member

Yes

Yes (2013-11-21 for -00-02) Unknown

I second Spencer's comment—I have no idea what "definitions" means in that bullet item. :)

Otherwise I am enthusiastically in favor of this work being done.

Adrian Farrel Former IESG member

No Objection

No Objection (for -00-02) Unknown

Benoît Claise Former IESG member

No Objection

No Objection (2013-11-21 for -00-02) Unknown

- Consider, and possibly define, a standard way for an application client and
server to use unauthenticated encryption through TLS when server and/or client
authentication cannot be achieved.

I guess the tradeoff of unauthenticated encryption will be documented. Maybe it's so obvious that we don't need to mention that in the charter ... No strong feeling about this.

Brian Haberman Former IESG member

No Objection

No Objection (for -00-02) Unknown

Gonzalo Camarillo Former IESG member

No Objection

No Objection (for -00-02) Unknown

Joel Jaeggli Former IESG member

No Objection

No Objection (for -00-02) Unknown

Martin Stiemerling Former IESG member

No Objection

No Objection (for -00-02) Unknown

Spencer Dawkins Former IESG member

No Objection

No Objection (2013-11-20 for -00-02) Unknown

In this text: This WG has the following tasks:

- Update the definitions for using TLS over a set of representative application
protocols.

would it be helpful to say where these definitions are now? If they are in some RFC nnnn, perhaps it's helpful to say "updating the definitions in RFC nnnn".

Stewart Bryant Former IESG member

No Objection

No Objection (for -00-02) Unknown

Using TLS in Applications charter-ietf-uta-01

Using TLS in Applications
charter-ietf-uta-01