Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

<home_pw@msn.com> Mon, 29 January 2007 18:28 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HBbFB-0001Ye-Gp; Mon, 29 Jan 2007 13:28:41 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HBbF9-0001YS-My for tls@ietf.org; Mon, 29 Jan 2007 13:28:39 -0500
Received: from bay0-omc3-s40.bay0.hotmail.com ([65.54.246.240]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HBbF6-0001oz-4C for tls@ietf.org; Mon, 29 Jan 2007 13:28:39 -0500
Received: from hotmail.com ([65.55.131.11]) by bay0-omc3-s40.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Mon, 29 Jan 2007 10:28:35 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 29 Jan 2007 10:28:35 -0800
Message-ID: <BAY126-DAV19437672566CEEAE2D22B92A70@phx.gbl>
Received: from 70.142.20.165 by BAY126-DAV1.phx.gbl with DAV; Mon, 29 Jan 2007 18:28:32 +0000
X-Originating-IP: [70.142.20.165]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: martin.rex@sap.com
References: <200701291624.RAA12296@uw1048.wdf.sap.corp>
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Date: Mon, 29 Jan 2007 10:28:32 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 29 Jan 2007 18:28:35.0394 (UTC) FILETIME=[4984AA20:01C743D3]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: c3a18ef96977fc9bcc21a621cbf1174b
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Sorry Galileo, said the Roman Inquisition: "Experiments must 
be pre-authorized by those with appropriate wisdom."

Heliocentrism, indeed. Ridiculously lame idea. Who knows 
where that one will lead... censure that thesis, along with 
all other protesting theses! Never let them even start to 
"follow the money" [renaissance/watergate]

We have to move on. Class C student Peter has his hands on 
$100 RIP2-capable 802.11i/802.1X gigabit 
router/switches/bridge/SPIfirewall, doing radius and EAP-TLS 
over PPPoE, with hardware IPSEC & GRE tunneling support. He 
and 14 year old Abdul Rahman XXVIth, son of the supermarket 
owner where they are sold, are both having fun configuring 
them to work with the TPM EAP-TLS module in their birthday 
Vista PCs, doing everything that research students were 
doing 10 years ago to (slowly) get higher assurance out of 
commodity technology - created mostly by that "evil" DoD 
hidden agenda: its COTS policy.

We cannot stop the experimenting. And should not try. Yes, 
there are lots of hidden agendas. What's new? They didn't 
stop us transforming PEM into the full spectrum key 
management world(s) that SSL now enjoys, did they? Start 
with grassroot-organized (crappy) security in software, and 
allow stepup to hardware assurance when some agenda has 
enough motivation to bother funding it, in some form. In that 
social process, educate a million users to administer the 
concepts ... and take charge of privacy issues for 
themselves, refining the privacy concepts till they are 
workable - and no longer religious. Quite where it will all 
lead, we should not worry: a few million well-educated, 
empowered, well-fed people will sort that out for 
themselves.

I've been attempting to move the debate away from some 
well-intentioned, but nonetheless dubious protocol design, 
onto: could we perhaps just address the core 17th century 
concepts that one author has indicated are behind the 
initiative, please: address the undeniable, "evidentiary" 
value of TLS _records_?

One assumes that the hidden agendas of those C17th law 
makers have worked themselves out by now.

It's pointless denying server-side sessionid caches are being 
raided, by police. It's pointless denying ethereal is used to 
decrypt stored streams. It's pointless denying that the SSL 
architecture facilitates such semi-covert practices, that 
are now mainstream; it has since day 1. What we CAN opt to 
do is turn it all around, and now do something useful with 
it (that also regularizes those actual practices, through 
normal social debate).

Now we can lead, or suppress. You get to choose your role, 
Inquisitor or Galileo, in the role play.


To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>
Cc: <tls@ietf.org>
Sent: Monday, January 29, 2007 8:24 AM
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

> I'm violently opposed to that.
>
> TLS Evidence has many problems that are beyond fixing, because of
> how it is architected and probably because it needs these for
> its hidden agenda.
>
> All suggestions of how to use TLS Evidence in the applications space
> are so ridiculously lame that I definitely do not want to see
> TLS Evidence issued as an RFC, not even Informational.
>
> -Martin
>
> _______________________________________________
> TLS mailing list
> TLS@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/tls
>

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls