Re: [TLS] Deployment ... Re: This working group has failed
Watson Ladd <watsonbladd@gmail.com> Mon, 18 November 2013 04:50 UTC
To: Juho Vähä-Herttua <juhovh@iki.fi>
Cc: "tls@ietf.org" <tls@ietf.org>, Kyle Hamilton <aerowolf@gmail.com>

TLS 1.2 solves the same problem as TLS 1.0. It should therefore have the same API. Somehow, having a state machine driven by data coming from a socket driven by various options is hard to design a good API around. (Seriously, transition(stateobject, data_fed_in, length of data, data_maybe_coming_out, length_out) and getcurrentstate(stateobject) together with some queries and setup of options would do just fine.)

Part of the reason for the lack of updates is good Internet citizenship brings no rewards. F5 customers don't give a damn about holding the rest of us back so long as that little lock icon still appears, embedded device makers see no reason to upgrade, etc. Add this to the fight of browser makers for market share, and anything that is good to do/has a risk of breaking some sites will not get done.

The complexity of OpenSSL building, and most of the complexity of OpenSSL is purely gratuitous. There is no reason it cannot be as clear as the Go TLS library or PolarSSL.

This of course means that we have to live with whatever choices we make for a long time, and ensure that implementations are simple enough to be bug-free.

Sincerely,
Watson Ladd
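
The socket-free interface sketched in the message above, as an added example that is not part of the original post or of any TLS library: a toy driver that follows TLS record framing only (no cryptography), fed in arbitrary chunks. The `tls_sm` struct, the `ST_*` states, `tls_sm_init`, and the shortcut of treating ChangeCipherSpec as "established" are assumptions made for illustration; only the `transition`/`getcurrentstate` shape comes from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Toy: follows TLS record framing only, no crypto. Names are illustrative;
   treating ChangeCipherSpec as "established" is a deliberate shortcut. */
enum tls_state { ST_HANDSHAKE, ST_ESTABLISHED, ST_CLOSED, ST_ERROR };

struct tls_sm {
    enum tls_state state;
    uint8_t hdr[5];     /* record header bytes collected so far */
    size_t hdr_have;
    size_t body_left;   /* bytes of the current record body still expected */
};

void tls_sm_init(struct tls_sm *s) { memset(s, 0, sizeof *s); s->state = ST_HANDSHAKE; }
enum tls_state getcurrentstate(const struct tls_sm *s) { return s->state; }

/* Feed peer bytes; no socket is touched. *out_len is the capacity of out on
   entry and the number of bytes to send on return. Returns bytes consumed. */
size_t transition(struct tls_sm *s, const uint8_t *in, size_t in_len,
                  uint8_t *out, size_t *out_len)
{
    size_t used = 0, cap = *out_len;
    *out_len = 0;
    while (used < in_len && s->state < ST_CLOSED) {
        if (s->body_left) {                        /* skip the record body */
            size_t n = in_len - used;
            if (n > s->body_left) n = s->body_left;
            used += n; s->body_left -= n;
            continue;
        }
        s->hdr[s->hdr_have++] = in[used++];
        if (s->hdr_have < 5) continue;             /* header still partial */
        s->hdr_have = 0;
        uint8_t type = s->hdr[0], desc = 0;        /* desc: alert to send */
        size_t len = ((size_t)s->hdr[3] << 8) | s->hdr[4];
        int hs = s->state == ST_HANDSHAKE;
        if (s->hdr[1] != 3) desc = 70;                    /* protocol_version */
        else if (len > 16384 + 2048) desc = 22;           /* record_overflow */
        else if (type == 21) s->state = ST_CLOSED;        /* any alert ends the toy */
        else if (type == 20 && hs) s->state = ST_ESTABLISHED;
        else if (type != 22 && !(type == 23 && !hs)) desc = 10; /* unexpected_message */
        if (!desc) { s->body_left = len; continue; }
        s->state = ST_ERROR;                       /* reject; fatal alert if room */
        const uint8_t alert[7] = {21, 3, 3, 0, 2, 2, desc};
        if (cap >= 7) { memcpy(out, alert, 7); *out_len = 7; }
    }
    return used;
}
```

Because all state lives in the object and input arrives as plain buffers, the same function can be driven from a blocking socket, an event loop, or a unit test that splits records at arbitrary byte boundaries.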