adam at cypherspace.org
Mon Sep 30 04:02:09 EDT 2013
If we're going to do that I vote no ASN.1, and no X.509. Just BNF format
like the base SSL protocol; encrypt and then MAC only, no non-forward secret
ciphersuites, no baked in key length limits. I think I'd also vote for a
lot less modes and ciphers. And probably non-NIST curves while we're at it.
And support soft-hosting by sending the server domain in the client-hello.
Add TOFO for self-signed keys. Maybe base on PGP so you get web of trust,
thogh it started to get moderately complicated to even handle PGP
On Sun, Sep 29, 2013 at 10:51:26AM +0300, ianG wrote:
>On 28/09/13 20:07 PM, Stephen Farrell wrote:
>>b) is TLS1.3 (hopefully) and maybe some extensions for earlier
>> versions of TLS as well
>SSL/TLS is a history of fiddling around at the edges. If there is to
>be any hope, start again. Remember, we know so much more now. Call
>it TLS2 if you want.
>Start with a completely radical set of requirements. Then make it
>so. There are a dozen people here who could do it.
>Why not do the requirements, then ask for competing proposals?
>Choose 1. It worked for NIST, and committees didn't work for anyone.
>A competition for TLS2 would bring out the best and leave the
>bureaurats fuming and powerless.
>The cryptography mailing list
>cryptography at metzdowd.com
More information about the cryptography