Re: [sasl] MOGGIES Proposed Charter
Nicolas Williams <Nicolas.Williams@oracle.com> Fri, 21 May 2010 23:11 UTC
Return-Path: <Nicolas.Williams@oracle.com>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0A0F13A6A99; Fri, 21 May 2010 16:11:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.133
X-Spam-Level:
X-Spam-Status: No, score=-4.133 tagged_above=-999 required=5 tests=[AWL=-0.135, BAYES_50=0.001, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eZYosepT0Q2B; Fri, 21 May 2010 16:11:05 -0700 (PDT)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id 41D883A6A95; Fri, 21 May 2010 16:11:05 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o4LNAtqU011778 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 21 May 2010 23:10:57 GMT
Received: from acsmt355.oracle.com (acsmt355.oracle.com [141.146.40.155]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o4LMbYaK022976; Fri, 21 May 2010 23:10:55 GMT
Received: from abhmt006.oracle.com by acsmt355.oracle.com with ESMTP id 289445551274483346; Fri, 21 May 2010 16:09:06 -0700
Received: from oracle.com (/129.153.128.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 21 May 2010 16:09:05 -0700
Date: Fri, 21 May 2010 18:09:00 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Tom Yu <tlyu@mit.edu>
Subject: Re: [sasl] MOGGIES Proposed Charter
Message-ID: <20100521230900.GF9605@oracle.com>
References: <20100518191521.GL9429@oracle.com> <201005202238.o4KMcML6028897@fs4113.wdf.sap.corp> <20100520225647.GX9605@oracle.com> <ldvy6fc3mg8.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <ldvy6fc3mg8.fsf@cathode-dark-space.mit.edu>
User-Agent: Mutt/1.5.20 (2010-03-02)
X-Auth-Type: Internal IP
X-Source-IP: acsinet15.oracle.com [141.146.126.227]
X-CT-RefId: str=0001.0A090201.4BF71302.002B:SCFMA922111,ss=1,fgs=0
Cc: kitten@ietf.org, tim.polk@nist.gov, sasl@ietf.org
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 May 2010 23:11:07 -0000
On Fri, May 21, 2010 at 06:43:35PM -0400, Tom Yu wrote: > Yes, this means that you may have to revise the numeric "security > strength" that you report for a given cryptographic association as new > cryptanalytic attacks are discovered, but you would have to do that > anyway with a non-numeric method of reporting "security strength". Yes, but that way we get to also have policy names, both, standard and locally-defined, as the interface _for users_. Let me refine my problem with numeric measures of cryptographic strength in APIs. There are two. First, what's better in a UI (I'm betting API particulars will leak into UIs)? Second, do we want to encourage users and/or developers to make relative cipher suite strength comparisons? Looking at it from a UI perspective I'd rather have UI-friendly security strength indications than numeric ones. One might argue that numeric measures of strength are what users are used to, and there's no sense in trying to change that. Is anyone up for that argument? Nico --
- MOGGIES Proposed Charter Shawn Emery
- Re: MOGGIES Proposed Charter Simon Josefsson
- Re: MOGGIES Proposed Charter Alexey Melnikov
- Re: [sasl] MOGGIES Proposed Charter Alexey Melnikov
- Re: MOGGIES Proposed Charter Simon Josefsson
- Re: MOGGIES Proposed Charter Alexey Melnikov
- Re: [sasl] MOGGIES Proposed Charter Simon Josefsson
- Re: [sasl] MOGGIES Proposed Charter Nicolas Williams
- Re: [sasl] MOGGIES Proposed Charter Jeffrey Altman
- Re: [sasl] MOGGIES Proposed Charter Nicolas Williams
- Re: [sasl] MOGGIES Proposed Charter Jeffrey Hutzelman
- Re: [sasl] MOGGIES Proposed Charter Nicolas Williams
- Re: [sasl] MOGGIES Proposed Charter Jeffrey Hutzelman
- Re: MOGGIES Proposed Charter Simon Josefsson
- Re: MOGGIES Proposed Charter Andrew Bartlett
- Re: [sasl] MOGGIES Proposed Charter Alexey Melnikov
- Re: [sasl] MOGGIES Proposed Charter Alexey Melnikov
- Re: MOGGIES Proposed Charter Jeffrey Hutzelman
- Re: [sasl] MOGGIES Proposed Charter Martin Rex
- Re: [sasl] MOGGIES Proposed Charter Nicolas Williams
- Re: MOGGIES Proposed Charter< Martin Rex
- Re: [sasl] MOGGIES Proposed Charter Tom Yu
- Re: [sasl] MOGGIES Proposed Charter Nicolas Williams
- Re: [sasl] MOGGIES Proposed Charter Arnt Gulbrandsen
- Re: [sasl] MOGGIES Proposed Charter Nicolas Williams
- Re: [sasl] MOGGIES Proposed Charter Kurt Zeilenga
- Re: MOGGIES Proposed Charter< Sam Hartman
- Re: [sasl] MOGGIES Proposed Charter Leif Johansson
- Re: MOGGIES Proposed Charter Leif Johansson