Kurt Zeilenga wrote:
A question came up off-list which I think needs to be explicitly
addressed in the charter text.
Will the mechanism provide a security layer?
From list discussions, I think the answer is:
The replacement mechanism is expected not to provide a security
layer itself, instead rely on security services provided at a
lower layer (e.g., TLS) and channel bindings.
That is fine with me. I might be in the minority, but I would rather not have any text prohibiting development of a security layer.
I recommend inserting this sentence just before "The WG is expected to strike..." and deleting the "channel binding" quality.
Sure.
Also, as it is desirable to have a shorter list of qualities, I also recommend deleting "algorithm agility" and "minimal roundtrips" qualities.
Fine with me. Both are good practices, so we are unlikely to design a mechanism that maximizes the number of round trips, etc. ;-).