RE: [TLS] security levels for TLS
"Kemp, David P." <DPKemp@missi.ncsc.mil> Wed, 10 October 2007 13:09 UTC
NIST has taken the "build it and they will come" approach to projecting a multi-dimensional security space down to a few coarse-granularity levels in http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf.

There is merit in what W3C is attempting to do, but it's questionable whether a consensus process with no benevolent dictator can pull it off. And the more quantization levels one attempts to define in a security metric, the more difficult the problem becomes. If W3C took the SP800-63 approach and tried to characterize just 3 or 4 levels (good/better/best, red/yellow/green, Harvey balls, etc.), they would have a chance at producing something that would be truly useful for policy-driven access enforcement.

Human enforcement, of course, is a lost cause - how many people even look at the padlock in the first place, much less would make distinctions based on its color?

Dave

-----Original Message-----
From: Paul Hoffman [mailto:paul.hoffman@vpnc.org]
Sent: Tuesday, October 09, 2007 6:30 PM
To: Nikos Mavrogiannopoulos; tls@lists.ietf.org
Subject: Re: [TLS] security levels for TLS

Ekr's right: this is not a tractable problem. We could certainly come up with some numbers, but they would be meaningless (and therefore dangerous) with so much context that we might as well have just given the context by itself.

The fact that the W3C wants to wade into this swamp should not lead us there, other than to maybe offer them a rope back to the shore where they started.

--Paul Hoffman, Director
--VPN Consortium

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls