[Ach] rfc7525

Aaron Zauner azet at azet.org
Mon Jun 1 12:32:37 CEST 2015

Hi Ian,

I've waited a bit for others to state the obvious.

ianG wrote:
> How does their project compare to the BetterCrypto project?  Can we shut
> up shop now that the IETF is in the game?  Is there a very different
> purpose?  Or are they just faffing around in committee again...
> Does the RFC format help?  I would have thought the notion of publishing
> an RFC was strictly wrong because security is an arms race and only a
> dynamic document process can help.
> How did their work compare to BetterCrypto's advice?  Was there anything
> in there that we didn't know?  Is there anything they didn't know?
> Is their advice useful to ... whom?  sysadms?  Implementors?  Designers?
> I gave it a quick skim and it seemed to be rather ... useless to
> sysadms for example.

I think the RFC is an important point-in-time document regarding TLS
security. This document won't give advice on how to configure various
services though. It's not exactly aimed at the sysadmin. It is a BCP we
should all follow and the similarities to bettercrypto are no
coincidence. Others and myself have contributed to that document. I'm
still a bit unhappy that TLS 1.0 didn't get a "MUST NOT negotiate" in
the process. But all in all this is an excellent BCP. I don't think it
makes our efforts null; these are two different objectives after all. Or
maybe the same objective on different levels of expertise. I don't
expect sysadmins to read BCPs (they should though).
