Re: [TLS] Security today

To: "tls at ietf.org" <tls at ietf.org>
Subject: Re: [TLS] Security today
From: Mike <mike-list at pobox.com>
Date: Thu, 27 Mar 2008 19:27:46 -0700
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <0685A6ED2CB5D245B49DD0B07C3636CC2A8D543BC7 at NA-EXMSG-C104.redmond.corp.microsoft.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <47EC2A75.2050303 at pobox.com> <0685A6ED2CB5D245B49DD0B07C3636CC2A8D543BC7 at NA-EXMSG-C104.redmond.corp.microsoft.com>
Sender: tls-bounces at ietf.org
User-agent: Thunderbird 2.0.0.12 (Windows/20080213)

Michael Howard wrote:
> I think there is a deeper issue than this - people email
> sensitive data all the time with no encryption...

Yes, email security is problematic, but users have to do
a lot of manual configuration even to get set up for it.
And then, they need to convince their correspondents to
set up their system too.

With HTTPS, the infrastructure is already there, and it's
being used.  The problem is with server configuration:
key size, cipher suite selection.  If servers were simply
better configured, security would automatically improve.
Users wouldn't have to do anything differently; those
who we rely on for security are failing us!

Mike

P.S. and there's nothing you or I can do about it as a
user -- we can't influence the key sizes or cipher suites
offered by a server -- it's either take it or leave it.
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Security today
  - From: Rodney Thayer
- Re: [TLS] Security today
  - From: Michael Howard

References:
- [TLS] Security today
  - From: Mike
- Re: [TLS] Security today
  - From: Michael Howard

Prev by Date: Re: [TLS] Security today
Next by Date: Re: [TLS] Security today
Previous by thread: Re: [TLS] Security today
Next by thread: Re: [TLS] Security today
Index(es):
- Date
- Thread

Re: [TLS] Security today

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.