Re: [TLS] This working group has failed

SM <sm@resistor.net> Sat, 16 November 2013 18:12 UTC

Date: Sat, 16 Nov 2013 07:25:22 -0800
To: Watson Ladd <watsonbladd@gmail.com>
From: SM <sm@resistor.net>
Cc: tls@ietf.org

Hi Watson,
At 20:53 15-11-2013, Watson Ladd wrote:
>What problems would a hypothetical competition solve that TLS 1.2
>hasn't already? Let's deal with real problems: TLS 1.2 is not getting
>deployed, RC4 is still out there, the handshake protocol takes too
>many round trips and is very hard to implement in an interoperable way
>due to options, all the implementations with modern cryptographic
>support have sucky APIs that make it impossible for ordinary
>developers to use correctly, etc. All of this I have said before as

It is well known that TLS 1.2 was not getting deployed. There are
two libraries which are widely used. If one of them does not support
TLS 1.x, deployment will be slow. The lack of deployment affects
several other IETF protocols.

An RFC is not successful if it is not implemented. RFC 6982 discusses
running code.

Regards,
-sm