On Mon, Mar 16, 2015 at 3:43 PM, marcelo bagnulo braun <[email protected]> wrote:

> We would like to ask the WG to express their support to adopt one (or none)
> of the following documents as WG document that will serve as a basis for the
> protocol specification. Of course, the draft, if adopted, will need to be
> updated according to the WG input. In particular, they need to be updated to
> not protect the TCP header.
>
> The candidate drafts are:
>
> https://datatracker.ietf.org/doc/draft-bittau-tcpinc-tcpcrypt/
> https://datatracker.ietf.org/doc/draft-rescorla-tcpinc-tls-option/
I strongly support draft-bittau-tcpcrypt, having read the drafts and experimented with the prior tcpcrypt implementation. Draft-bittau-tcpcrypt is generally well written and clear and squarely addresses the requirements of the application space.

I do not support draft-rescorla-tcpinc-tls. The argument to drive more towards a TLS monoculture on the internet is not completely without merit, but the complexity of the complete TLS solution (including the rather enormous TLS protocol stack) weighs heavily against the security and maintainability of that solution path. This is materially attested to by the much higher running-code factor that we've seen with TCPCRYPT than with alternatives. The track record of actual TLS implementations in practice should also not be disregarded; the reality seems to be that very general, high-security cryptographic protocols may be at the edge of or beyond the internet community's current collective engineering ability. The narrower scope and purpose of tcpcrypt vastly simplifies both protocol and implementation review, even though it may somewhat increase the total number of security-critical lines of code to be reviewed (though even that isn't clear).

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
