Re: Hum theatre

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The sentiment is unanimous

Opinion on how to act on that sentiment remains divided.


One of the reasons that opinion on how to act is divided is that the discussion of TLS everywhere is focused on the value TLS is designed to bring to secure Internet protocols rather than the total value proposition of TLS which was always intended to be wider.

The point of VeriSign Class 3 and later Organization Validation criteria and the Extended Validation criteria is to establish ACCOUNTABILITY. The authentication is a means to that end and the encryption is a nice byproduct.


People have been using TLS with no accountability but authentication. Which was only bad because the browsers didn't differentiate between the two until Extended Validation was deployed.

Using crypto is not a problem, telling people that they are safe when they are not is the problem. At the moment the IETF does not use metrics to determine how difficult it would be for an attacker to break a system. This is my effort in the area:

http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-00




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]