RE: [TLS] security levels for TLS

"Kemp, David P." <DPKemp@missi.ncsc.mil> Wed, 10 October 2007 13:09 UTC

Subject: RE: [TLS] security levels for TLS
Date: Wed, 10 Oct 2007 09:09:22 -0400
Message-ID: <FA998122A677CF4390C1E291BFCF59890849871E@EXCH.missi.ncsc.mil>
In-Reply-To: <p0624082fc331b0ed0ecc@[192.168.1.100]>
References: <c331d99a0710080621g7c0ec91et35c46553c23f4402@mail.gmail.com> <p0624082fc331b0ed0ecc@[192.168.1.100]>
From: "Kemp, David P." <DPKemp@missi.ncsc.mil>
To: tls@lists.ietf.org

NIST has taken the "build it and they will come" approach to
projecting a multi-dimensional security space down to a few
coarse-granularity levels in
http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf.

There is merit in what W3C is attempting to do, but it's
questionable whether a consensus process with no benevolent
dictator can pull it off.  And the more quantization levels
one attempts to define in a security metric, the more difficult
the problem becomes.  If W3C took the SP800-63 approach and
tried to characterize just 3 or 4 levels (good/better/best,
red/yellow/green, Harvey balls, etc), they would have a chance
at producing something that would be truly useful for policy-driven
access enforcement.  Human enforcement, of course, is a lost
cause - how many people even look at the padlock in the first
place, much less would make distinctions based on its color?

Dave



-----Original Message-----
From: Paul Hoffman [mailto:paul.hoffman@vpnc.org] 
Sent: Tuesday, October 09, 2007 6:30 PM
To: Nikos Mavrogiannopoulos; tls@lists.ietf.org
Subject: Re: [TLS] security levels for TLS

Ekr's right: this is not a tractable problem. We could certainly come 
up with some numbers, but they would be meaningless (and therefore 
dangerous) with so much context that we might as well have just given 
the context by itself.

The fact that the W3C wants to wade into this swamp should not lead 
us there, other than to maybe offer them a rope back to the shore 
where they started.

--Paul Hoffman, Director
--VPN Consortium


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

