Re: [TLS] Please discuss: draft-housley-evidence-extns-00 - use to

Martin Rex <martin.rex@sap.com> Thu, 11 January 2007 16:43 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H531B-0007hK-Ug; Thu, 11 Jan 2007 11:43:09 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H531A-0007g7-7y for tls@ietf.org; Thu, 11 Jan 2007 11:43:08 -0500
Received: from smtpde03.sap-ag.de ([155.56.68.140]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H530r-0005lS-E4 for tls@ietf.org; Thu, 11 Jan 2007 11:43:08 -0500
Received: from sap-ag.de (smtpde03) by smtpde03.sap-ag.de (out) with ESMTP id RAA02909; Thu, 11 Jan 2007 17:42:29 +0100 (MEZ)
From: Martin Rex <martin.rex@sap.com>
Message-Id: <200701111642.RAA28793@uw1048.wdf.sap.corp>
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00 - use to
To: mark@redphonesecurity.com
Date: Thu, 11 Jan 2007 17:42:23 +0100
In-Reply-To: <015c01c73596$2d61a910$6801a8c0@rps.local> from "Mark Brown" at Jan 11, 7 09:35:52 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9
Cc: DPKemp@missi.ncsc.mil, tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Thank you for your explanations.

I don't understand why this proposal is brought to the IETF.

From what I read, the IETF originally started out with government
funding, and a large part came from the department of defense.
The IPv4 spec says something like there was a secretive variant
of IP(v4) with support for all the esoteric stuff that you
are talking about for use in the military and by secretive agencies.
Academia and the public weren't bothered with any of this.


Today, the IETF is an open international forum producing
standards for use in COTS (commercial off-the-shelf) software and
Open Source, for the masses (private and business use).

There is a huge gap between the concepts that you described
and the software that we're using today, at home and in the office
-- it's not even in the same galaxy.


I think you should carry this proposal and the concepts back down
into the secret cellar where it comes from, where those guys
dwell who believe that they need it, and let them continue
playing on their own.  They probably need multi-level security
in order to contain the evidence why something fucked up, who was
responsible and who else knew about it.


In the IETF we should try to produce standards for the needs of
the general public and remain on a level playing field with
e.g. the IETF apps area.  For years they have been complaining
that IETF security protocols are already too difficult and too
complex for them, and there is some truth in it: they are
already pretty secure and pretty complex.


A chain is only as strong as its weakest link, and the TLS Evidence
proposal is such an enormous and heavy link that it is going to rip
this chain apart all by its own weight.


-Martin

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls