Re: SSL/TLS everywhere fail

> On 7 Dec 2015, at 13:08, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> 
> --------
> In message <390ACFC5-7664-45A4-9849-9EBFCA8F1568@lukasa.co.uk>, Cory Benfield writes:
> 
>>> You know, I'd actually prefer the draft isn't bloated with
>>> boilerplate text like that.  It should concentrate on the
>>> task at hand and simply caution:
>>> 
>>> "We remind the reader that Key-distribution is the only really
>>> hard cryptographic problem, do not take it lightly."
>> 
>> Here I disagree, I simply don't think that goes far enough.
>> Ambiguity in RFCs is bad.
> 
> That is not ambiguity, it is pointing out that there are other
> problem-domains, outside the subject of the present document, which
> should be looked carefully at.
> 
> We also don't write treatises about transmission error detection
> into every document which uses TCP.

Correct, we don’t, we refer those to the draft that talks about it. Which is what I want to do here.

Quoting myself:

> Let’s take draft-thomson-signing and draft-thomson-encryption, and have them both normatively reference a draft that talks about key distribution. We don’t have to detail it in those drafts, but in my view we absolutely have to talk about it somewhere.

and

> I don’t need it to be the product of HTTPbis, but I think it’s just unacceptable for us to say “use your best judgement”.

Cory

Received on Monday, 7 December 2015 13:11:56 UTC