On 6 May 2016, at 12:14, Adrien de Croy wrote:
The original text makes a claim about security and privacy around TLS.
This is not true in the real world, and is becoming less true with
every MitM deployed.
It is as true now as it has ever been. Saying that TLS is not secure
because there are environments where users can be tricked into lower
security is silly in that that same statement is true of every security
protocol.
If you want to propose a document to the IETF that says "TLS (and all
other security protocols) should not be considered secure because users
can be tricked", do so in SAAG.* It's not appropriate for a foo-over-TLS
protocol document.
--Paul
* I doubt that such a document will be well received, but I have been
wrong about these types of predictions often.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
