
Re: https

2011-08-27 00:29:37
On 8/26/2011 11:14 PM, ned+ietf(_at_)mauve(_dot_)mrochek(_dot_)com wrote:

> +1. If you want signatures, do them properly. Don't pretend a transfer
> protection mechanism covering exactly one hop provides real object security,
> because it doesn't.

I could have sworn that TLS was an e2e mechanism.  Maybe you're using
the term "hop" in a manner unfamiliar to me?

> And as for the "encrypt so the really secret stuff doesn't stand out" argument,
> that's fine as long as it doesn't cause inconvenience to anyone. That's clearly
> not the case here. And I'm sorry, the "mistakes were made" notion doesn't
> really fly: Certificates aren't a "set it and forget it" thing, so if you
> haven't noted expiration dates on someone's to-do list so they can be updated
> before expiration, you're not doing it right.

Isn't "not doing it right" pretty much the definition of "mistake"
(assuming no evil intent)?
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
