Re: [TLS] Security today
On Mar 29, 2008, at 8:31 PM, Mike wrote:
>>>> 3. The major servers support ephemeral DH, as do many clients.
>>> This is where you are wrong. Here is a list of servers that will
>>> not negotiate DHE_RSA with any of AES128, AES256, or DES3:
>>
>> I'm talking about the implementations, not the server operators.
>> The server operators have chosen not to turn it on.
>
> And that is precisely why they need a document telling them just
> how damaging that choice is. Which do you think will get more
> attention, a whitepaper outlining the dangers of not using DHE
> preferentially, written by some random guy named Mike, or the
> same paper with the backing of the TLS WG of the IETF Internet
> Security area?

I think most vendors can't tell the difference between an
Informational RFC and a standards-track RFC, and they definitely can't
tell the difference between some guy named Mike and some guy named
Eric from "RTMF Inc." This is meaningful for people who regularly read
IETF mailing lists or attend the meetings.

You may want to find a co-author. Two authors from different
organizations give an RFC more prestige, especially if one is from a
university. Of course if you could get Bruce himself..., but I get a
feeling he doesn't like standards bodies very much.
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls