Re: [TLS] Deployment ... Re: This working group has failed
Andy Wilson <andrewgwilson@gmail.com> Tue, 19 November 2013 04:15 UTC
What about PolarSSL? Surely there are discussions on the OpenSSL mailing lists about some of these concerns.

On 19 November 2013 15:55, Kirils Solovjovs <kirils.solovjovs@kirils.com> wrote:

> On 2013.11.19. 02:48, Andy Lutomirski wrote:
> > On 11/18/2013 07:02 AM, Salz, Rich wrote:
> >>> TLS 1.2 solves the same problem as TLS 1.0. It should therefore have the same API.
> >>
> >> Do you really believe this or are you trying to just be provocative?
> >
> > Watson's right. OpenSSL is the norm and the OpenSSL API is
> > fundamentally wrong. Let's see:
> >
> 1..4
> > The world needs a good, permissively licensed,
> > hard-or-impossible-to-misuse TLS API. GnuTLS is probably the closest
> > there is, and it has its set of issues, too.
>
> Fully seconded, Andy!
>
> Still.. what do you think should be done to alleviate this step by step?
>
> Are you proposing to scrap openssl and start from scratch?
>
> --
> Kirils Solovjovs
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

--
Regards
Andy