Re: SSL/TLS everywhere fail

> On 7 Dec 2015, at 13:19, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On 8 December 2015 at 00:11, Cory Benfield <cory@lukasa.co.uk> wrote:
>>> Let’s take draft-thomson-signing and draft-thomson-encryption, and have them both normatively reference a draft that talks about key distribution. We don’t have to detail it in those drafts, but in my view we absolutely have to talk about it somewhere.
> 
> I apologize for missing this, I think that it's an important question
> to address... (In my defence, the amount of digital ink spilled here
> is beyond my current ability to track.)
> 
> I don't think that this is a sensible strategy.  There are a few uses
> already for both drafts, both of which have very different key
> management strategies.  Attempting to button this down in the way you
> suggest would necessarily bless or condemn a whole range of
> possibilities.

That’s a fair objection, Martin. Can I ask then, what some of these uses are, and whether they have commonalities? I’m still extremely concerned about having no guidance whatsoever on what to do here.

Received on Monday, 7 December 2015 13:24:42 UTC