Asking ALL TLS implementations to change to accommodate these things
is a pretty blunt instrument.  I want to be sure that this is
necessary.  (FWIW, I think that this is a reasonable request; I would
probably be OK with a smaller maximum by default even.)

On 1 December 2016 at 00:22, Hubert Kario <hka...@redhat.com> wrote:
> On Wednesday, 30 November 2016 11:20:01 CET Martin Thomson wrote:
>> On 30 November 2016 at 05:54, Thomas Pornin <por...@bolet.org> wrote:
>> > Any comments?
>>
>> I'm ambivalent on this generally: though I think that the general
>> notion is OK, I'm not sure about the details.
>>
>> In particular, you need to be clearer in your motivations: the point
>> is to ensure that little things (really little things) can talk to any
>> other TLS implementation.  That seems inherently good, but it might
>> pay to dig into that some more: why is that good?
>
> Because if they can't use TLS, they will create a bespoke protocol, and those
> have a tendency of being completely broken on a conceptual level, let alone
> in implementation.
>
> Combine it with the fact that "trusted network" doesn't exist any more and you
> end up with solutions that are insecure, with nobody using them knowing they are
> insecure, especially in the IoT space.
> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
