IETF Logo Mail Archive

Re: [sasl] MOGGIES Proposed Charter

Arnt Gulbrandsen <arnt@gulbrandsen.priv.no> Sat, 22 May 2010 09:22 UTC

Return-Path: <arnt@gulbrandsen.priv.no>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AADD23A6C4C; Sat, 22 May 2010 02:22:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.28
X-Spam-Level:
X-Spam-Status: No, score=-0.28 tagged_above=-999 required=5 tests=[AWL=-0.281, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZS8G-MoFB+NK; Sat, 22 May 2010 02:22:35 -0700 (PDT)
Received: from strange.aox.org (strange.aox.org [IPv6:2001:4d88:100c::1]) by core3.amsl.com (Postfix) with ESMTP id 028923A6C3B; Sat, 22 May 2010 02:22:24 -0700 (PDT)
Received: from fri.gulbrandsen.priv.no (kalyani.aox.org [79.140.39.164]) by strange.aox.org (Postfix) with ESMTP id E60C1FA0008; Sat, 22 May 2010 09:22:22 +0000 (UTC)
Received: from arnt@gulbrandsen.priv.no by fri.gulbrandsen.priv.no (Archiveopteryx 3.1.3) with esmtpa id 1274520135-37716-37715/8/50; Sat, 22 May 2010 11:22:15 +0200
Message-Id: <aTuL5hseOU458FLQG7pXdg.md5@lochnagar.gulbrandsen.priv.no>
Date: Sat, 22 May 2010 11:22:32 +0200
From: Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
Subject: Re: [sasl] MOGGIES Proposed Charter
Organization: http://arnt.gulbrandsen.priv.no
References: <20100518191521.GL9429@oracle.com> <201005202238.o4KMcML6028897@fs4113.wdf.sap.corp> <20100520225647.GX9605@oracle.com> <ldvy6fc3mg8.fsf@cathode-dark-space.mit.edu> <20100521230900.GF9605@oracle.com>
In-Reply-To: <20100521230900.GF9605@oracle.com>
Content-Type: text/plain; format="flowed"
Mime-Version: 1.0
X-Mailman-Approved-At: Sat, 22 May 2010 18:40:51 -0700
Cc: kitten@ietf.org, tim.polk@nist.gov, sasl@ietf.org
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 May 2010 09:22:37 -0000

Nicolas Williams writes:
> Let me refine my problem with numeric measures of cryptographic 
> strength in APIs. There are two. First, what's better in a UI (I'm 
> betting API particulars will leak into UIs)?

As (mostly former) UI-head: Numbers are better than magic constants. 
Magic constants have a way of getting into a fight with UI translation.

There are good ways to handle magic constants, but errare humanum est, 
programmers are human, and my impression is that magic constants are 
associated with more UI snafus than numbers.

> Second, do we want to encourage users and/or developers to make 
> relative cipher suite strength comparisons?

Other than "Pick the best?"

Arnt

v2.23.0 | Report a Bug | By Email