On 12/6/15, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Jacob Appelbaum <ja...@appelbaum.net> writes:
>
>>On 12/4/15, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>>> Jacob Appelbaum <ja...@appelbaum.net> writes:
>>>>TCP/IP and DNS are out of scope, though obviously related.
>>> Why are they out of scope?
>>
>>They are out of scope for the TLS working group as far as I understand the
>>organization of the IETF in terms of mandate. Am I incorrect?
>
> They're out of scope in that TLS can't impose behaviour on DNS, but they're
> not out of scope when it comes to considering what impact DNS has on TLS.

Of course. Thankfully there is work to fix DNS by... using TLS!

> For example the whole reason why TLS has certificates is because the TLS (well,
> SSL then) folks realised that DNS wasn't secure, and that TLS had to deal with
> that issue.  Otherwise, the SSL folks could have just said that DNS issues are
> out of scope, and we'll wait for DNSSEC to appear at some point and fix things
> (this is speaking from a 1995 time frame).

Hopefully someday, we'll have the DNS security problem solved. Until
then, I look forward to the TLS working group not making name
privacy _harder_ to implement. The great irony of DNS potentially
using TLS for privacy is... oh, so much for that strategy.

>>Or they could just call MinimaLT or CurveCP with mandatory Elligator TLS 1.3
>>and be done with it.
>
> That would probably be an easier process than the current one, provided you're
> ready to commit completely to the Bernstein monoculture.

I admit, I'm biased here. I'd rather have a monoculture of security
than a polyculture insecurely designed by committee.

All the best,
Jacob

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls