Re: [TLS] MTI policy & practice (Was: Re: Comments on various things on agenda)
Dave Garrett <davemgarrett@gmail.com> Mon, 09 March 2015 23:11 UTC
Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B2F91A8892 for <tls@ietfa.amsl.com>; Mon, 9 Mar 2015 16:11:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0TH7vnBYrnTL for <tls@ietfa.amsl.com>; Mon, 9 Mar 2015 16:11:21 -0700 (PDT)
Received: from mail-qc0-x229.google.com (mail-qc0-x229.google.com [IPv6:2607:f8b0:400d:c01::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48C211A8830 for <tls@ietf.org>; Mon, 9 Mar 2015 16:11:20 -0700 (PDT)
Received: by qcyl6 with SMTP id l6so12767697qcy.13 for <tls@ietf.org>; Mon, 09 Mar 2015 16:11:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=jgU/PNgXoMoyc/nOihHcqvQAuus9mf0e1ODMd2WqrA4=; b=ViUaGSlQfjVn62mpw4VUlS97JQf4r+HjV9Mlh5vclM7P5T+XzsXrSKfwe6xRJX+af2 D141BRkcUVx2wsfp8B5qDPFJKIR0VSrhWzHn3d7TObR2/JvmGa6eJ/IbM0i3G+P8ZJau 5CEbIO2MqE9Q4F8bC8ypcL6ybUwilp4U8syP/4SKsL7wcW7FNoVJEg/CE+Soixa01plY RAgpYy7ahd42OUwQKkYV7ZocpMPiM2YMvzfzSS0Yb+NcRC5qOfiE/k0wZO4f8ZYPYwwt F7gJdRO/ms7SXHuqTtWWSTIJK9Fe7gTgF1jgxIi12WIjGnphSQg1t8o0fNMNr9FErq2S /qvg==
X-Received: by 10.140.238.139 with SMTP id j133mr39685032qhc.26.1425942679638; Mon, 09 Mar 2015 16:11:19 -0700 (PDT)
Received: from dave-laptop.localnet (pool-96-245-254-195.phlapa.fios.verizon.net. [96.245.254.195]) by mx.google.com with ESMTPSA id r195sm2964460qha.0.2015.03.09.16.11.19 (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 09 Mar 2015 16:11:19 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: Aaron Zauner <azet@azet.org>
Date: Mon, 09 Mar 2015 19:11:16 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-71-generic-pae; KDE/4.4.5; i686; ; )
References: <65D2FD736B6B2B48B2EAD2BD189DC9CC270CA949@LLE2K10-MBX01.mitll.ad.local> <201503091821.41393.davemgarrett@gmail.com> <20150309223806.GA3923@typhoon.azet.org>
In-Reply-To: <20150309223806.GA3923@typhoon.azet.org>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201503091911.17254.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/3JQ2mmyRGfHweC_NCDkUBzcVR7M>
Cc: tls@ietf.org
Subject: Re: [TLS] MTI policy & practice (Was: Re: Comments on various things on agenda)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2015 23:11:23 -0000
On Monday, March 09, 2015 06:38:08 pm Aaron Zauner wrote: > In any case, people do argue that algorithmic agility causes more > problems than it's worth. I agree somewhat, but IMHO at least one > backup is a good idea I'd much rather have three than two. (not counting deprecated ciphers/modes) I think of it in this way: if one were to vanish, there would still be a choice left. With only two chosen ones, then a fatal attack on one brings us all the way back to the one-true-cipher again. If you assume eventual failure, a secondary backup is very desirable. Dave
- [TLS] TLS Interim - update and agenda Joseph Salowey
- Re: [TLS] TLS Interim - update and agenda Yoav Nir
- Re: [TLS] TLS Interim - update and agenda Benjamin Beurdouche
- Re: [TLS] TLS Interim - update and agenda Sean Turner
- Re: [TLS] Comments on various things on agenda (W… Dave Garrett
- [TLS] Comments on various things on agenda (Was: … Ilari Liusvaara
- Re: [TLS] Comments on various things on agenda (W… Eric Rescorla
- Re: [TLS] Comments on various things on agenda (W… Dave Garrett
- Re: [TLS] Comments on various things on agenda (W… Stephen Farrell
- Re: [TLS] Comments on various things on agenda (W… Aaron Zauner
- Re: [TLS] Comments on various things on agenda (W… Dave Garrett
- Re: [TLS] Comments on various things on agenda (W… Aaron Zauner
- Re: [TLS] Comments on various things on agenda (W… Stephen Checkoway
- Re: [TLS] Comments on various things on agenda (W… Blumenthal, Uri - 0558 - MITLL
- [TLS] MTI policy & practice (Was: Re: Comments on… Dave Garrett
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Aaron Zauner
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Dave Garrett
- Re: [TLS] Comments on various things on agenda (W… Yoav Nir
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Aaron Zauner
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Dave Garrett
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Aaron Zauner
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Dave Garrett
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Watson Ladd
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Dave Garrett
- Re: [TLS] Comments on various things on agenda (W… Brian Sniffen
- Re: [TLS] Comments on various things on agenda (W… Dave Garrett
- Re: [TLS] Comments on various things on agenda (W… Sean Turner