Re: [TLS] TLS 1.2 draft comments
<home_pw@msn.com> Sun, 31 December 2006 22:39 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H19L0-0005Br-4j; Sun, 31 Dec 2006 17:39:30 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H19Ky-0005Bl-VR for tls@ietf.org; Sun, 31 Dec 2006 17:39:28 -0500
Received: from bay0-omc1-s7.bay0.hotmail.com ([65.54.246.79]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H19Kx-0000ZR-LC for tls@ietf.org; Sun, 31 Dec 2006 17:39:28 -0500
Received: from hotmail.com ([65.54.174.86]) by bay0-omc1-s7.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sun, 31 Dec 2006 14:39:26 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sun, 31 Dec 2006 14:39:26 -0800
Message-ID: <BAY103-DAV142343AFC711B90BC8721C92C40@phx.gbl>
Received: from 69.227.152.254 by BAY103-DAV14.phx.gbl with DAV; Sun, 31 Dec 2006 22:39:22 +0000
X-Originating-IP: [69.227.152.254]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: Omirjan Batyrbaev <batyr@sympatico.ca>
References: <BAY103-DAV17E2A403A0F53177A5D23792C50@phx.gbl><868xgp594m.fsf@delta.rtfm.com><BAY103-DAV18B3EF60CDF312016ABCF892C40@phx.gbl><000701c72cf4$3f171c30$07ae5e41@pbo8f8e10aowa> <86slew10pc.fsf@delta.rtfm.com> <002701c72d1f$0441dd90$07ae5e41@pbo8f8e10aowa>
Subject: Re: [TLS] TLS 1.2 draft comments
Date: Sun, 31 Dec 2006 14:39:38 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 31 Dec 2006 22:39:26.0712 (UTC) FILETIME=[86D2C780:01C72D2C]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 92df29fa99cf13e554b84c8374345c17
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Its true, they have gone, as has the calculation. And I didn't even notice. Wow. After:- All that crap about no RSA standard (1986 Geneva, State) All that crap about LEAFs on IVs (1993 Fort Meade, NSA/NSC) All that crap about dual certs & cross-certs (1992/1994 Ottawa, CSE) All that crap about low entropy KDFs. (1995 Mountain View, Commerce) All that crap about TTP CAs enforcing key escrow (1996 935 Pennsylvania Avenue, FBI) All that crap about dual channel keying (1996 Royal Holloway, F&CWO) All that crap about Bridge CA Assurance enforcement (2000 Washington, GSA) Talk about shunting a bad policy around the agencies, to get rid of it! I mean, it was just a career killer! We need rapidly to bring back Fortezza technology back into a general purpose SSL ciphersuite: KEA and key wrapping are well worth having. Now Rumsfeld has gone, someone get DoD to put CAC firmware for javacards (and driver libraries) into the open source community, where they belong. It will go far, and will multiply. Keep the PIV stuff proprietary and controlled for now, till public confidence is higher. All we need now is dissolution of the stooge ANSI X9 RSA group, and some test vectors from NIST for RSA key transport. And, is IESG ready to have a look at moving SSL beyond Proposed, yet!? ---- The real test is of course Microsoft Windows, looking at the China distribution of Vista next month. Does it conform (I.e. refuse to negotiate export ciphers, with a TLS 1.1 client) Does it conform (I.e. perform negotiation with them, with a TLS 1.0 client) But, I have the highest regard for Microsoft on cryptopolicy matters. Lets wait and see how they do. ----- ----- Original Message ----- From: "Omirjan Batyrbaev" <batyr@sympatico.ca> To: "EKR" <ekr@networkresonance.com> Cc: <home_pw@msn.com>; <tls@ietf.org> Sent: Sunday, December 31, 2006 1:02 PM Subject: Re: [TLS] TLS 1.2 draft comments > see inserted: > Subject: Re: [TLS] TLS 1.2 draft comments >> Because there's no good reason for them to exist and the key >> weakening primitive adds substantial complexity to the >> protocol. There are lots of good reasons now to have lots of different KDFs for setting connection state! There are many dual purposes of the control technology used in export enforcement, for business & legal purposes (not just the obvious purposes of mandatory data retention, wiretapping etc). I think Ill bring back my connection-NR for TLS, where handshakes punctuate the transaction, like Russ's alerts do. With TLS Evidence also making a signature, we gets lots of assurance toys to play with and apply to a wide range of orchestrated business flows. _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] TLS 1.2 draft comments home_pw
- Re: [TLS] TLS 1.2 draft comments EKR
- Re: [TLS] TLS 1.2 draft comments home_pw
- Re: [TLS] TLS 1.2 draft comments EKR
- Re: [TLS] TLS 1.2 draft comments home_pw
- Re: [TLS] TLS 1.2 draft comments Omirjan Batyrbaev
- Re: [TLS] TLS 1.2 draft comments EKR
- Re: [TLS] TLS 1.2 draft comments EKR
- Re: [TLS] TLS 1.2 draft comments Omirjan Batyrbaev
- Re: [TLS] TLS 1.2 draft comments EKR
- Re: [TLS] TLS 1.2 draft comments home_pw