Re: [TLS] security levels for TLS

Eric Rescorla <ekr@networkresonance.com> Fri, 12 October 2007 20:04 UTC

Date: Fri, 12 Oct 2007 13:00:32 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Subject: Re: [TLS] security levels for TLS
Cc: tls@lists.ietf.org

At Fri, 12 Oct 2007 22:37:30 +0300,
Nikos Mavrogiannopoulos wrote:
> 
> On Friday 12 October 2007, Paul Hoffman wrote:
> > At 12:04 PM -0700 10/12/07, Mike wrote:
> > >Apparently no argument will suffice, and you would rather keep the
> > >status quo than be proactive.  How long do you think it would take
> > >to add this extension to a TLS toolkit?  In my own code, I could
> > >probably do it in less than a day, with time left over to get in a
> > >round of 18 holes.
> >
> > No doubt. Of what positive and negative value would such code be?
> > Confusing and/or giving users false senses of security are definitely
> > negative.
> 
> Actually I think the latter sentence describes the current situation!

How so? Nothing at all stops you from putting any indicator you
like in your code. Why does IETF have to standardize it?

-Ekr



