Re: [TLS] Fixing TLS
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 13 January 2016 12:32 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Hubert Kario <hkario@redhat.com>, "tls@ietf.org" <tls@ietf.org>
Date: Wed, 13 Jan 2016 12:32:05 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/2lvJgVuzAL5Hd6UKJY8h5fCGDk8>
Hubert Kario <hkario@redhat.com> writes:

>So let's not repeat those mistakes

Exactly, there are more than enough new ones for 2.0-called-1.3 to make that we don't (necessarily) have to repeat existing ones (although I'm sure we will in some cases).

And that's exactly my point, we're throwing away 20 years of refining TLS 1.x and more or less starting again with 2.0-called-1.3, with a whole new set of mistakes to make. I really don't want to spend the next 20 years patching all the holes that will be found in 2.0-called-1.3, I've already had enough of that for the 1.x version.

TLS needs an LTS version that you can just push out and leave to its own devices, for the same reason that other products also have LTS versions, that lots of people have better things to do with their life than playing bugfix whack-a-mole for the duration of it.

Peter.