Re: [TLS] Deployment ... Re: This working group has failed

Zooko Wilcox-OHearn <zooko@leastauthority.com> Tue, 19 November 2013 14:44 UTC


On Tue, Nov 19, 2013 at 2:55 AM, Kirils Solovjovs
<kirils.solovjovs@kirils.com> wrote:
>
>> The world needs a good, permissively licensed,
>> hard-or-impossible-to-misuse TLS API.  GnuTLS is probably the closest
>> there is, and it has its set of issues, too.
>
> Fully seconded, Andy!
>
> Still.. what do you think should be done to alleviate this step by step?
>
> Are you proposing to scrap openssl and start from scratch?

There are many alternatives to openssl. Wikipedia has a table:

https://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations

That list is not complete — for example it omits Botan:

http://botan.randombit.net/tls.html

Oh, you require a permissive licence? Judging from the "Overview"
table on that Wikipedia page, that narrows it down to NSS or Botan for
you.

Regards,

Zooko Wilcox-O'Hearn

Founder, CEO, and Customer Support Rep
https://LeastAuthority.com
Freedom matters.