[Cryptography] TLS/DTLS Use Cases

Paul Hoffman paul.hoffman at vpnc.org
Tue Apr 1 17:49:57 EDT 2014


On Apr 1, 2014, at 12:10 PM, Bill Frantz <frantz at pwpconsult.com> wrote:

> In a different thread, pgut001 at cs.auckland.ac.nz (Peter Gutmann) wrote:
> 
>> Documenting use cases is an unnecessary distraction from doing actual work.
>> You'll note that our charter does not say "enumerate applications that want
>> to use TLS".
>> 
>> (Yes, someone actually said that).
> 
> As the principal instigator of using use cases to think about the proposed TLS 1.3, I have been trying to come up with a small number of use cases that cover most of the application space. So far for TLS I have:
> 
>  HTTP -- the original SSL use case
>  Email -- POP, SMTP, IMAP which are not well served by TLS authentication
> 
>  Are there any others that should be included?

SIP is a big one.

But, to me, "every layer 7 protocol that runs over TCP" is a valid response. TLS' security properties add assurance to a client that they are reaching the intended server (based on IP address or DNS name) and encryption of the layer 7 protocol. Every other security property is just gravy and should probably be ignored.

> I would like to have some for DTLS as well. DTLS applies cryptography to UDP. It seems that DNS might be a good candidate, but can encryption even help DNS privacy?

WORM CAN ON A SLIPPERY SLOPE! Being actively discussed in the IETF. Opinions here, strong as they might be, probably won't help one way or the other. (My opinion is "yes" with at least two sentences after it.)

--Paul Hoffman

