[TLS] Apologies
Martin Rex <mrex@sap.com> Fri, 18 December 2009 20:37 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3A8F13A6A7D for <tls@core3.amsl.com>; Fri, 18 Dec 2009 12:37:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.453
X-Spam-Level:
X-Spam-Status: No, score=-5.453 tagged_above=-999 required=5 tests=[AWL=-0.693, BAYES_05=-1.11, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q+t1EAmWGemN for <tls@core3.amsl.com>; Fri, 18 Dec 2009 12:37:53 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id DBAC23A67D1 for <tls@ietf.org>; Fri, 18 Dec 2009 12:37:52 -0800 (PST)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id nBIKbP4x019127 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 18 Dec 2009 21:37:25 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <200912182037.nBIKbN81008416@fs4113.wdf.sap.corp>
To: marsh@extendedsubset.com, Pasi.Eronen@nokia.com, ekr@networkresonance.com, jsalowey@cisco.com, nelson@bolyard.me
Date: Fri, 18 Dec 2009 21:37:23 +0100
In-Reply-To: <4B2BC565.7020406@extendedsubset.com> from "Marsh Ray" at Dec 18, 9 12:09:41 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: tls@ietf.org
Subject: [TLS] Apologies
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2009 20:37:54 -0000
Dear Marsh, Pasi, Eric, Joe, Nelson and several others, I want to apologize to you for having been a mean and offending a*****e at various times during the discussion on this list over the last 6 weeks. I really did not mean to slander on anyone's qualification as a software engineer, and I really envy everyone working for a smaller company than I do, for not having to wrangle with so many software logisitics processes as I'm facing in my work. I'm really only interested in the technology and want to provide value to my customers based on the technology developed in this forum, and since many of our customers are running pretty big intranet installations or our software that is connected to a lot of hardware controls (materials management, supply chain management, logistics) with a plethoria of devices I have never seen myself, I'm concerned about changes to this technology that may have an impact on the installed base of our customers. I assume that those long-standing key contributors to the TLS WG who were asked to join Project Mogul to help produce a solution to this serious vulnerability in the TLS protocol had to sign an NDA, and did not deliberately exclude the rest of us from the discussion. I could imagine that they felt quite uneasy about this situation. It is definitely not my intention to get in the way of providing a solution, I only want to help getting off some rough edges in the solution so that the likelyhood of casualties and severity of the damage out in field will be small. Some of the commercial providers have a lot of experience with the presence of TLS extensions in the products they ship, because they have been testing these capabilities over the course of several years. Evidently, it hasn't been easy for them either, visible from the availabilty of re-connect fallbacks to extension-less Hellos in pretty much all current apps that use TLS implementation capable of TLS extensions. For some of the mainstream consumers of this technology, and that includes us, sending out TLS extensions is a first. The third-party OEM SSL library that we acquired 10 years ago has never before sent out any TLS extensions, and none of our applications on top of it therefore has any re-connect fallback provisions that could be used if suddenly sending a TLS extension results in an interop problem. In difference to many other software vendors, we support our software for around 12 years (2 years of that is development, 10 years usage) on a platform, which is what our customers demand from us and for which they pay a non-negligible amount of maintenance fees. This time of active usage is often longer than the maintenance provided by the vendor of the underlying platform. It around 40 different hardware platforms and os-releases (32-bit and 64-bit where available) and includes fairly exotic platforms such as IBM OS/390 aka z/OS (an EBCDIC-platform, where our oldest supported OS-release still in use at our customers is OS/390 10.00), which was dropped out of vendor-support maybe 5 years ago. More mainstream platforms may be RedHat 6.1, OSF/1 4.0, Solaris 2.6. It's difficult to find an OEM who covers such a huge variety of platforms and for such a long time, long exceeding the maintenance of the OS vendors. Simply switching from one supplier to another is not an option, because the is much more to TLS than the wire-protocol. There are APIs, API-semantics, and most of all credentials and trust-anchor management and UIs around that. Dealing with the PKI-configuration and policy parts of the software is much more difficult and time-consuming that dealing with the TLS communication part. I would really apprececiate if we could get back to work and treat each other like professional engineers. Sincerely, -Martin Rex
- [TLS] Updated draft Eric Rescorla
- Re: [TLS] Updated draft Michael D'Errico
- Re: [TLS] Updated draft Robert Dugal
- Re: [TLS] Updated draft Marsh Ray
- Re: [TLS] Updated draft Robert Dugal
- Re: [TLS] Updated draft Eric Rescorla
- Re: [TLS] Updated draft Martin Rex
- Re: [TLS] Updated draft Marsh Ray
- Re: [TLS] Updated draft Martin Rex
- Re: [TLS] Updated draft Michael D'Errico
- Re: [TLS] Updated draft Stephen Farrell
- Re: [TLS] Updated draft Martin Rex
- Re: [TLS] Updated draft Martin Rex
- Re: [TLS] Updated draft Marsh Ray
- Re: [TLS] Updated draft Martin Rex
- Re: [TLS] Updated draft Michael D'Errico
- [TLS] SCSV vs RI when both specified. Was: Update… Marsh Ray
- Re: [TLS] SCSV vs RI when both specified. Was: Up… Martin Rex
- [TLS] Apologies Martin Rex
- Re: [TLS] Updated draft - editorial tom.petch
- Re: [TLS] Updated draft tom.petch
- Re: [TLS] Updated draft Marsh Ray
- Re: [TLS] Updated draft tom.petch
- Re: [TLS] Updated draft: Minor Edits peter.robinson