Re: [TLS] Deployment ... Re: This working group has failed

Kirils Solovjovs <kirils.solovjovs@kirils.com> Tue, 19 November 2013 02:55 UTC

Message-ID: <528AD326.8080908@kirils.com>
Date: Tue, 19 Nov 2013 02:55:34 +0000
From: Kirils Solovjovs <kirils.solovjovs@kirils.com>
To: tls@ietf.org
References: <CACsn0c=i2NX2CZ=Md2X+WM=RM8jAysaenz6oCxmoPt+LC5wvjA@mail.gmail.com> <52874576.9000708@gmx.net> <CAPMEXDbgp5+Gg6mkMWNrcOzmAbSpv3kjftGV0cjpqvMnRxpw=A@mail.gmail.com> <44D7624E-75D8-47D3-93BF-97427206E800@iki.fi> <CACsn0c=9GrO21ECZczB2zft3bVODcc=1ZRp3pG22c-rrDfTPXQ@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C711DAEEE373@USMBX1.msg.corp.akamai.com> <528AD194.9060003@amacapital.net>
In-Reply-To: <528AD194.9060003@amacapital.net>
Subject: Re: [TLS] Deployment ... Re: This working group has failed

On 2013.11.19. 02:48, Andy Lutomirski wrote:
> On 11/18/2013 07:02 AM, Salz, Rich wrote:
>>> TLS 1.2 solves the same problem as TLS 1.0. It should therefore have the same API.
>>
>> Do you really believe this or are you trying to just be provocative?
> 
> Watson's right.  OpenSSL is the norm and the OpenSSL API is
> fundamentally wrong.  Let's see:
> 
1..4
> The world needs a good, permissively licensed,
> hard-or-impossible-to-misuse TLS API.  GnuTLS is probably the closest
> there is, and it has its set of issues, too.

Fully seconded, Andy!

Still... what do you think should be done to alleviate this step by step?

Are you proposing to scrap OpenSSL and start from scratch?

-- 
Kirils Solovjovs