[147334] in cryptography@c2.net mail archive
Re: [Cryptography] TLS2
daemon@ATHENA.MIT.EDU (Adam Back)
Mon Sep 30 10:01:57 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 30 Sep 2013 10:02:09 +0200
From: Adam Back <adam@cypherspace.org>
To: ianG <iang@iang.org>
In-Reply-To: <5247DBFE.4000202@iang.org>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
If we're going to do that I vote no ASN.1, and no X.509. Just BNF format
like the base SSL protocol; encrypt and then MAC only, no non-forward secret
ciphersuites, no baked in key length limits. I think I'd also vote for a
lot less modes and ciphers. And probably non-NIST curves while we're at it.
And support soft-hosting by sending the server domain in the client-hello.
Add TOFO for self-signed keys. Maybe base on PGP so you get web of trust,
thogh it started to get moderately complicated to even handle PGP
certificates.
Adam
On Sun, Sep 29, 2013 at 10:51:26AM +0300, ianG wrote:
>On 28/09/13 20:07 PM, Stephen Farrell wrote:
>
>>b) is TLS1.3 (hopefully) and maybe some extensions for earlier
>> versions of TLS as well
>
>
>SSL/TLS is a history of fiddling around at the edges. If there is to
>be any hope, start again. Remember, we know so much more now. Call
>it TLS2 if you want.
>
>Start with a completely radical set of requirements. Then make it
>so. There are a dozen people here who could do it.
>
>Why not do the requirements, then ask for competing proposals?
>Choose 1. It worked for NIST, and committees didn't work for anyone.
>
>A competition for TLS2 would bring out the best and leave the
>bureaurats fuming and powerless.
>
>
>
>iang
>_______________________________________________
>The cryptography mailing list
>cryptography@metzdowd.com
>http://www.metzdowd.com/mailman/listinfo/cryptography
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
