On Mon, Feb 11, 2013 at 6:20 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> <snip>
>
> ... I don't understand the resistance either, in the case
> of TLS it's such a trivial change (in my case it was two lines of code added
> and two lines swapped, alongside hundreds of lines of ad-hockery dealing with
> MAC-then-encrypt vulnerabilities sidelined) that it was a complete no-brainer.
> In case anyone's interested, the bikeshedding starts here:
>
> http://www.ietf.org/mail-archive/web/tls/current/msg09161.html
>
> The full thread is:
>
> http://www.ietf.org/mail-archive/web/tls/current/threads.html#09161
>
> We really need a few more cryptographers to weigh in (hint, hint), at the
> moment the opposition to the change seems to be mostly based on speculation
> and/or "I don't want to change my code".

It would be great if we could really get this fixed in TLS 1.3. Then ten years down the road when it finally reaches a critical mass and we can turn off all the previous broken versions, we might actually reach the state where we have a secure communication channel. (Well, that, and if we can do cert pinning, etc. or get rid of all the CAs, but that's a discussion that we've already pummeled cadaverous equines, so let's skip that this time around, okay?)

Seriously, I'd like to be optimistic, but looking at this from an industry practitioner's perspective it truly will take us decades to kill off older, insecure versions of SSL / TLS. With some distributions of software, SSLv2 comes still enabled and many browsers in use only still support SSLv3 and TLS 1.0. (And given that WinXP seems to be the Cobol of the OS world, indeed those two may never die as well.)

So yeah, by the time TLS 1.3 has reached critical mass that most businesses are willing to disable support for TLS 1.2 and earlier, I'll be looking at retirement.

Just sayin'...

-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents." -- Nathaniel Borenstein
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography