Re: https

2011-08-26 15:16:21
Two thoughts.

On the one hand, Ned is absolutely correct: the thing we want to make 
absolutely sure of is the integrity of the object. The way of doing that is 
making sure the object itself can prove its integrity.  In the messaging world, 
we do this with S/MIME.  The use of TLS for SMTP or IMAP does not convey any 
integrity assertions for the object.  Note this object should be signed by me 
when you receive it, by the way.

On the other hand, while TLS is not at all sufficient for the integrity of the 
object, it is necessary to protect the individual accessing the object.  There 
are a number of countries where asking for the RFCs relating to privacy, 
security, and threats to such too many times could get you arrested.  Likewise, 
the presumption is the object might be signed, but it would be insane and 
useless to encrypt the object.  However, there are many, many times one would 
want the object encrypted, even if only to compress it.

Given that, the question should not be, "Why are we using TLS if the object is 
not private?" but "Why are we not using secure connections for all IETF 
access, over any modality?"

One of the answers seems to be, "Because it sucks."  That is the sentiment of 
the message below.

So we are eating our dog food, and we are getting indigestion.  Sounds like an 
opportunity to fix it!

--
- Eric

On Aug 26, 2011, at 3:32 PM, Melinda Shore wrote:

On 08/26/2011 11:22 AM, Adam Novak wrote:
For what reasons? Is it that things scheduled every year or every ten
years are easy for admins to miss? Or is it that it's hard to stay on
top of certificate revocations when they occur?

Firewall researchers have found at least one error of some sort in
99% (yes, really) of the firewall rulesets they've examined.  If
I had to guess how many PKI deployments have problems, I'd put it in
the same ballpark.  They seem to fall into several broad categories:
1) naming (including SANs), 2) expiration, 3) faulty trust
establishment.  These may or may not be fixable, but what doesn't
appear to be fixable is that too many people don't really understand what 
certificates represent, the difference between a certificate and
a key, or what it means to TLS-protect traffic.

Listen to Ned, Adam.  He's right.

Melinda
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

Attachment: smime.p7s
Description: S/MIME cryptographic signature
