Re: Hum theatre

Phillip Hallam-Baker <hallam@gmail.com> Thu, 07 November 2013 17:48 UTC

In-Reply-To: <3B8251D7-23C4-413F-90B0-DB6EEC6ACF1C@tzi.org>
References: <527AF986.4090504@dcrocker.net> <CAHBU6iuDXQok_QRZe7BL__Vmkn447vUCSViDgrVkaedKAHcnfw@mail.gmail.com> <m2bo1w29zw.wl%randy@psg.com> <527B294E.20406@gmail.com> <E0485FA4-7F1A-4C78-B160-27C981B05DD4@cisco.com> <3B8251D7-23C4-413F-90B0-DB6EEC6ACF1C@tzi.org>
Date: Thu, 7 Nov 2013 12:48:33 -0500
Message-ID: <CAMm+Lwghyi19muapvSwuLzczmfi-XrmoPHXw=GTDiEyrrJ80GA@mail.gmail.com>
Subject: Re: Hum theatre
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: "Klaas Wierenga \(kwiereng\)" <kwiereng@cisco.com>, IETF Discussion <ietf@ietf.org>

The sentiment is unanimous.

Opinion on how to act on that sentiment remains divided.

One of the reasons that opinion on how to act is divided is that the
discussion of TLS everywhere is focused on the value TLS is designed to
bring to secure Internet protocols rather than the total value proposition
of TLS which was always intended to be wider.

The point of VeriSign Class 3 and later Organization Validation criteria
and the Extended Validation criteria is to establish ACCOUNTABILITY. The
authentication is a means to that end and the encryption is a nice
byproduct.

People have been using TLS with no accountability but authentication, which
was only bad because the browsers didn't differentiate between the two
until Extended Validation was deployed.

Using crypto is not a problem; telling people that they are safe when they
are not is the problem. At the moment the IETF does not use metrics to
determine how difficult it would be for an attacker to break a system. This
is my effort in the area:

http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-00