Re: [TLS] Please discuss: draft-housley-evidence-extns-00
Mark Brown wrote:
>
> >
> > Yes, but how does the *app* know that?
>
> App doesn't need to know. App can ignore all Evidence- messages so long as
> some component somewhere is storing them.
> ... maybe a wiretap on the TLS session is the preferred
> method of persisting the TLS Evidence.
It's time to shut down the discussion in this forum for procedural violations
of the IETF Danvers Doctrine. The IETF will NOT put wire-tapping
hooks into its protocols.
-Martin
>
> I think what I'm saying is that in a mutually authenticated,
> evidence-generating situation it is correct to be strict on failures and
> lenient on no-shows. Both parties are very interested in this transaction,
> and they will understand if, for the sake of security, there's some
> inefficiencies incurred under rainy-day circumstances.
First you say that lots of applications don't actually care about
(TLS) evidence, it's mainly for a wire-tapping third party; then you
suddenly say that those applications do want communication failures
when there is a problem with the TLS Evidence (which most
apps don't care about); and then you go even further and claim that
that don't-know-or-care-about-TLS-evidence majority will
happily pay for the significant extra overhead in processing time
incurred by a service they never asked for in the first place.
This is ridiculous.
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls