On 14/03/18 23:32, nalini elkins wrote: > But, it is a very difficult issue. If I can use a different analogy, if > the City of Monterey built a new sewer system and told me that to connect > to it, I had to build a new house, I would scream!
Analogies cannot be used to draw conclusions, merely to illustrate. That analogy doesn't help illustrate anything for me fwiw. > TLS is used in many, many places. The Internet is critical to the > businesses of the world. Yes. Both fine reasons to not mess about with, weaken or try break the TLS protocol. BTW - while you and others may constantly over-claim and say your consortium represents "enterprises," I assume you do not claim to represent all "business." ;-) > You can't just say use something other than > TLS. Yes. I can. Kerberos and IPsec are used within many enterprise networks. TLS is not the only tool in the toolbox. If your consortium want a multi-party security protocol that does not affect other folks' security as you seem to claim, then that is the obvious route to explore. And that protocol needs to be non-interoperable with TLS (maybe even non-confusable in some stronger sense) IMO in order to avoid the risks that breaking TLS would result in us all taking. > Or don't use the Internet. It's not so easy. I never said that. Why invent something like that? > I wish we could actually talk to each other quietly and reasonably. This > is a very, very difficult problem. I am just fine with talking openly on the mailing list, as per IETF processes. I see no benefit in smokey back room discussions here at all, and only downsides to such. S.
0x7B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
