[Ach] rfc7525

ianG iang at iang.org
Sun May 31 15:03:44 CEST 2015

On 31/05/2015 12:00 pm, Aaron Zauner wrote:
> Hi Ian,
> * Ian G <iang at iang.org> [30/05/2015 14:59:57] wrote:
>> Has anyone considered/used/reviewed the document known as RFC7525?
>> https://tools.ietf.org/html/rfc7525
> I have. What do you want to know? :)

Of course you have ;-)  What I wanted to know ... well, just gossip really.

How does their project compare to the BetterCrypto project?  Can we shut 
up shop now that the IETF is in the game?  Is there a very different 
purpose?  Or are they just faffing around in committee again...

Does the RFC format help?  I would have thought the notion of publishing 
an RFC was strictly wrong because security is an arms race and only a 
dynamic document process can help.

How did their work compare to BetterCrypto's advice?  Was there anything 
in there that we didn't know?  Is there anything they didn't know?

Is their advice useful to ... whom?  sysadms?  Implementors?  Designers? 
  I gave it a quick skim and it seemed to be rather ... useless to 
sysadms for example.

Really, gossip!  As you might know there is this rolling foodfight over 
protocol design going on over at IETF as people are pointing out that 
the process they use might be part of the problem not the solution.


More information about the Ach mailing list