On Aug 17, 2015 9:08 AM, "Salz, Rich" <rs...@akamai.com> wrote:
>
> > I was more interested in the motivation. Same for Apple,
> > why would you implement something that pretty much no-one else (at the
> > time) supported, and for good reason?
>
> Perhaps because this was a year before Snowden and the mindset was unquestioning complete RFC implementation?

<rant>
We've known since at least 2001 that the TLS RFC contains misfeatures. Core OpenSSL developers wrote documents detailing how TLS connections can be attacked through the use of these features, documents still sitting on the OpenSSL website, dated 2004. These documents were not brought up on the TLS mailing list, or at TLS meetings. It's not until 2011 that we started to see fixes for these problems. Why wasn't the attitude always one of maintaining security for users? If Snowden told you the Internet was a scary place, you weren't paying attention.
</rant>

> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls