W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Mon, 07 Dec 2015 13:08:25 +0000
To: Cory Benfield <cory@lukasa.co.uk>
cc: Jacob Appelbaum <jacob@appelbaum.net>, Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
Message-ID: <66324.1449493705@critter.freebsd.dk>
--------
In message <390ACFC5-7664-45A4-9849-9EBFCA8F1568@lukasa.co.uk>, Cory Benfield writes:

>> You know, I'd actually prefer the draft isn't bloated with
>> boilerplate text like that.  It should concentrate on the
>> task at hand and simply caution:
>> 
>>  "We remind the reader that Key-distribution is the only really
>>  hard cryptographic problem, do not take it lightly."
>
>Here I disagree, I simply don't think that goes far enough. 
>Ambiguity in RFCs is bad.

That is not ambiguity, is pointing out that there are other
problem-domains, outside the subject of the present document, which
should be looked carefully at.

We also don't write treatises about transmission error detection
into every document which uses TCP.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Monday, 7 December 2015 13:08:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC