[Cryptography] At what point should people not use TLS?

Christian Huitema huitema at huitema.net
Sat Apr 9 07:00:25 EDT 2016


On Friday, April 8, 2016 11:23 PM, Ryan Carboni wrote:
>
> Google is already moving away from TLS.

Bill Cox commented on that already. To reinforce his point, we see Google actively participating in the TLS WG. They also have an official position that he ad hoc security stack in QUIC will be replaced by TLS 1.3 when available.

> TLS is (more or less) restricted to the PKI ecosystem. TLS is poor for decentralized or federated applications.

There is some truth to the PKI link, but that is changing. For example, there are several IOT stacks that specify use of TLS with shared secrets -- definitely not linked to PKI. 

The rationale for using TLS rather than an ad hoc development is obvious: avoid the design errors risk with an independent design, and avoid the implementation bugs with a new from scratch implementation.

-- Christian Huitema





More information about the cryptography mailing list