On Sat, Oct 1, 2016 at 4:23 AM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Ryan Carboni <rya...@gmail.com> writes:
>
> >I've never quite understood what TLS was supposed to be protecting against,
> >and whether or not it has done so successfully, or has the potential to do so
> >successfully.
>
> It's the Inside-Out Threat Model (also shared by a number of other security
> protocols, it's not just TLS), "our defence is SSL/TLS/IPsec/PKI/… and our
> threat model is whatever that happens to defend against". DNSSEC is a classic
> example of this, the DNSSEC requirements doc was published *a decade* after
> DNSSEC itself. Mind you, other protocols are still waiting for their
> requirements doc to be published. PKIX specifically actively declined to
> consider use cases because heck, this is a standards committee dammit, we
> can't be expected to take into account what people want to do with it.
>
> Mind you, in the absence of any success criteria, no-one can say you've
> failed...
>
> Peter.

It is worth reading this paper, apparently from 2010, on reusing ephemeral keys:
https://www.math.uwaterloo.ca/~ajmeneze/publications/ephemeral.pdf

Regardless, I can hope the Snowden disclosures will force people into action.
But please. Continue to make the internet secure.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
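An added illustration (example code written for this page, not from the linked paper, the poster, or any TLS implementation) of one of the failure modes that reusing a Diffie-Hellman "ephemeral" exponent opens up: a server that keeps the same exponent across handshakes and does not validate the peer's public value leaks that exponent to a small-subgroup attack, one residue per handshake, which the attacker combines with the CRT. The smooth-order modulus, the server's fixed exponent, and the Finished-style MAC used as the attacker's oracle are all constructed for the example; with a fresh exponent per handshake each oracle answer would concern a different x and the residues could not be combined.

```python
"""Toy small-subgroup key recovery against a reused DH 'ephemeral' exponent.
The weak modulus, fixed exponent and Finished-style MAC are constructed here."""
import hashlib
import hmac
from functools import reduce

# Odd primes whose product divides p-1; with the power of two in p-1 this makes
# the group order smooth, so every subgroup of Z_p^* is tiny (deliberately weak).
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23]


def is_prime(n: int) -> bool:
    """Trial division; adequate for the ~1e9-sized toy modulus used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def weak_prime() -> int:
    """Smallest prime p = k*M + 1 with k even, M = product of SMALL_PRIMES."""
    m = reduce(lambda a, b: a * b, SMALL_PRIMES, 1)
    k = 2
    while not is_prime(k * m + 1):
        k += 2
    return k * m + 1


def factorize(n: int) -> dict:
    """Prime -> exponent map by trial division (fast because n is smooth)."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def element_of_order(p: int, r: int) -> int:
    """An element of exact order r in Z_p^*, for a prime power r dividing p-1."""
    (q,) = factorize(r).keys()
    for y in range(2, p):
        h = pow(y, (p - 1) // r, p)
        if h != 1 and pow(h, r // q, p) != 1:
            return h
    raise ValueError("no element of order %d" % r)


def derive_tag(shared: int, p: int) -> bytes:
    """KDF plus MAC over a fixed transcript, standing in for a Finished message."""
    key = hashlib.sha256(shared.to_bytes((p.bit_length() + 7) // 8, "big")).digest()
    return hmac.new(key, b"Finished", hashlib.sha256).digest()


class ReusingServer:
    """DH peer making the two mistakes the attack needs: one exponent for every
    handshake, and no validation of the peer's public value."""

    def __init__(self, p: int, x: int):
        self.p, self.x = p, x

    def handshake(self, peer_public: int) -> bytes:
        shared = pow(peer_public, self.x, self.p)  # peer_public never checked
        return derive_tag(shared, self.p)


def crt(residues) -> int:
    """Combine (a_i, m_i) pairs with pairwise coprime m_i into x mod prod(m_i)."""
    x, m = 0, 1
    for a, mi in residues:
        t = ((a - x) * pow(m, -1, mi)) % mi  # choose t so x + m*t == a (mod mi)
        x, m = x + m * t, m * mi
    return x % m


def recover_exponent(server: ReusingServer) -> int:
    """Attacker: one handshake per prime-power factor r of p-1. Sending an element
    h of order r confines h^x to r values, so x mod r falls to brute force against
    the returned tag; the CRT then yields x mod (p-1), i.e. x itself."""
    p, residues = server.p, []
    for q, e in factorize(p - 1).items():
        r = q ** e
        h = element_of_order(p, r)
        tag = server.handshake(h)
        j = next(j for j in range(r) if derive_tag(pow(h, j, p), p) == tag)
        residues.append((j, r))
    return crt(residues)


def validate_public_value(h: int, p: int, q: int) -> bool:
    """Check a peer must apply in a prime-order-q subgroup of Z_p^* (e.g. p = 2q+1):
    range check plus subgroup membership; rejects every small-order element above."""
    return 1 < h < p - 1 and pow(h, q, p) == 1


def demo() -> tuple:
    """Returns (server's real reused exponent, exponent recovered by the attacker)."""
    p = weak_prime()
    x = 0x1337C0DE % (p - 2) + 1  # constructed 'ephemeral' exponent, reused forever
    return x, recover_exponent(ReusingServer(p, x))
```

Running `demo()` recovers the full exponent from as many handshakes as p-1 has prime-power factors, because each handshake answers "what is x mod r?" for one small r and the same x. Two independent fixes each defeat it: a genuinely fresh exponent per handshake (the residues then belong to different secrets), or the `validate_public_value` check in a prime-order group, which refuses the small-order elements the attacker needs. Reusing the exponent and skipping validation is the combination the example targets.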