Re: [TLS] Suite B compliance of TLS 1.2
Martin Rex <martin.rex@sap.com> Wed, 26 July 2006 20:22 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5ptP-0003lQ-6U; Wed, 26 Jul 2006 16:22:07 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5ptN-0003k4-TZ for tls@ietf.org; Wed, 26 Jul 2006 16:22:05 -0400
Received: from smtpde03.sap-ag.de ([155.56.68.140]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G5ptM-0005ga-GJ for tls@ietf.org; Wed, 26 Jul 2006 16:22:05 -0400
Received: from sap-ag.de (smtpde03) by smtpde03.sap-ag.de (out) with ESMTP id WAA25080; Wed, 26 Jul 2006 22:20:05 +0200 (MESZ)
From: Martin Rex <martin.rex@sap.com>
Message-Id: <200607262020.WAA25245@uw1048.wdf.sap.corp>
Subject: Re: [TLS] Suite B compliance of TLS 1.2
To: uri.blumenthal@intel.com
Date: Wed, 26 Jul 2006 22:20:05 +0200
In-Reply-To: <279DDDAFA85EC74C9300A0598E7040565DC103@hdsmsx412.amr.corp.intel.com> from "Blumenthal, Uri" at Jul 26, 6 01:08:14 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
X-SAP: out
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Blumenthal, Uri wrote: > > I.e. you're arguing that cryptography is the strongest link in the > Navigator and similar products, and therefore efforts should be made in > addressing the weaknesses, not improving what's already "strong"? Then I > sympathize, but... > > To this my answer would be: we as TLS WG have no power over > implementation bugs. However we have the power to make sure that the > specified cryptography is not only "Navigator's strongest link" but is > strong according to the today's cryptologic science and technology. I was thinking in a more general fashion, and I'm getting off-topic. This is more geared towards "where do we as the IETF" should we put our efforts. Within the IETF we have been having a problem of insufficient "cross-pollination" between the security area and the other areas, because we security geeks are constantly busy improving our own stuff and making it ever more complex. We do not spent sufficient time to help the non-security guys to use the existing standards and protocols, even those that are already pretty good. Within Software development (in particular when one is not a niche-only provider of just a particular middleware component), there are limits to the available resources, what one can buy (if it is OEM) or what one can do (if you're implementing it yourself). I want to slightly caution about feature creep. There was a discussion at the IETF plenary about why so few documents/protocol advance on the standards track, and feature creep is the predominant reason. For the integrity protection, TLS is about protecting online communication and therefore must provide integrity protection against real-time attacks. The encryption algorithms, on the other hand, should be strong enough to provide confidentiality for many years. Digital signatures on archived documents is the area that has to focus on updating their hash algorithms. The "smaller" an iteration of the base spec is, the more likely it will be implemented/adopted widely, and the more likely there will be interoperability on newer features, because of the lower cost to implement/adopt it. -Martin _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- Re: [TLS] Suite B compliance of TLS 1.2 Brian Minard
- Re: [TLS] Suite B compliance of TLS 1.2 Brian Minard
- Re: [TLS] Suite B compliance of TLS 1.2 David Hopwood
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Vipul Gupta