Re: [TLS] Please discuss: draft-housley-evidence-extns-00
Stefan Santesson wrote:
>
> I don't think this discussion is fair to the proposal, but in a way it is
> what I expected to see when bringing the concept of "evidence"
> to a TLS group.
>
> If we leave the concept of evidence out of scope and leave it
> to the lawyers to worry about, are there any technical merits?

I do remember a funny statement, something along the lines of:

  IBM's Microchannel is actually a 48-bit bus, which is why it is so
  expensive. 16 of those 48 bits are entirely reserved for lawyers,
  only 32 bits are available for the user.

I have a serious problem seeing a technology promoted in the IETF
security area whose only purpose is to provide business opportunities
to lawyers.

What the public actually expects from us security experts is that
we design protocols that are reliably safe and secure so that
the number of occasions where users of our technology need to involve
lawyers and courts goes WAY DOWN. If we do not raise the unemployment
rate among lawyers, then we're probably not doing our job in an
adequate fashion.

If one needs cleartext network traces of what goes into TLS and
what comes out of TLS, that can easily be done today (in fact,
an application architecture which cannot do that today is
seriously broken -- it is impossible to provide REAL support for
larger mission-critical application software without capabilities
to trace at various protocol levels and API/component level),
and the crap with the digital signatures is entirely unnecessary
for technical analysis.

If there are no real benefits in technical and security terms
in a proposal, then you're just wasting a lot of people's time
in this forum.

-Martin
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls