> I'm increasingly coming to think that *everything* should be done with > TLS unless you can prove it's harmful. Call me paranoid, but given > the general state of the world, secure-by-default seems like the way > to go. -Tim This sentiment always sounds nice, but the devil is in the details. Back when STARTTLS was added to SMTP, a bunch of us thought this provided the means to do opportunistic encyption of email transport, so there was a push to deploy that. It was a total failure - it seems a certain large vendor with a very popular implementation borked their server so it advertised STARTTLS even though no certificate was installed and any attempt to negotiate TLS protection would end in failure. And since the negotiation failure left the connection in an unusable state, a new connection had to be tried, along with all the logic to prevent the new one from ending up in the same state. It tooks years before enough of the broken servers were fixed to try again, and by then service defaults and deployment guidelines were well established and the opportunity was gone as well. Of course this set of issues was unique to the situation. But with TLS it's always something - if it isn't broken default configurations, its incompatible cipher suites, or problems with certificate formats, or expired certificates, or dubious CAs, or major security holes in popular implementations, etc. etc. The bottom line is this stuff is just too complicated for mere mortals to get right, and the fact that they then proceed to get it wrong more often than not causes an enormous amount of trouble. In the present case, for example, you may think that an expired certificate is not a big deal. Not so. For one thing, the more people have to click on the "this really isn't secure, proceed anyway" button to get things done, the more likely they are to do it when it's a real attack and not a maintenance problem. And for another, there are some browser/certificate error combinations where there's no workaround - no amount of clicking "I agree" buttons will get you the data you're after. I don't have an anwwer here, but the one thing I'm fairly sure of is that blindly pushing TLS everywhere is not the solution a lot of folks believe it is. Ned _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf