Re: [TLS] Deployment ... Re: This working group has failed

Andy Wilson <andrewgwilson@gmail.com> Tue, 19 November 2013 04:15 UTC


What about PolarSSL?

Surely there are discussions on the OpenSSL mailing lists about some of these
concerns.


On 19 November 2013 15:55, Kirils Solovjovs <kirils.solovjovs@kirils.com> wrote:

>
>
> On 2013.11.19. 02:48, Andy Lutomirski wrote:
> > On 11/18/2013 07:02 AM, Salz, Rich wrote:
> >>> TLS 1.2 solves the same problem as TLS 1.0. It should therefore have
> the same API.
> >>
> >> Do you really believe this or are you trying to just be provocative?
> >
> > Watson's right.  OpenSSL is the norm and the OpenSSL API is
> > fundamentally wrong.  Let's see:
> >
> 1..4
> > The world needs a good, permissively licensed,
> > hard-or-impossible-to-misuse TLS API.  GnuTLS is probably the closest
> > there is, and it has its set of issues, too.
>
> Fully seconded, Andy!
>
> Still.. what do you think should be done to alleviate this step by step?
>
> Are you proposing to scrap openssl and start from scratch?
>
> --
> Kirils Solovjovs
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>



-- 
Regards

Andy