Yaron Sheffer <yaronf.i...@gmail.com> wrote:
> Once again, we are moving the responsibility over security best
> practices from vendors into users. We should know better by now.

Yeah, I still don't really understand this. Why can't we put a security context into a new algorithm?

Yoav explained to me offline that the argument against doing it is that users might think they are safe to re-use keys, and might start doing that. But it isn't safe to do that with old RSA, ECDSA, DSA, etc. methods, and they might be surprised.

Okay, I follow this logic... but... either they listen, or they don't. Isn't this "solved" by putting the security context in, and simply not talking about it? We still tell users not to share keys, which is what we plan to do anyway.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec