[Ach] rfc7525

Max Maass max at velcommuta.de
Sun May 31 22:52:56 CEST 2015


I have not read the full RFC yet, but I just wanted to note that they
are actually referencing ACH in that RFC:
https://tools.ietf.org/html/rfc7525#ref-BETTERCRYPTO

So, ACH has definitely not become obsolete because of this RFC - and I
would not expect it to do so in the future, since the RFC is mostly
concerned with the general concepts of TLS, while ACH is actually
offering actionable advice on specific software and its configuration.
So, the goals are different and, in my view, they will probably
complement each other instead of conflicting.

But, as I said, I haven't read it through yet, so I'd also be
interested in "gossip" :).

On 31.05.2015 15:03, ianG wrote:
> On 31/05/2015 12:00 pm, Aaron Zauner wrote:
>> Hi Ian,
>> 
>> * Ian G <iang at iang.org> [30/05/2015 14:59:57] wrote:
>>> Has anyone considered/used/reviewed the document known as
>>> RFC7525?
>>> 
>>> https://tools.ietf.org/html/rfc7525
>> 
>> I have. What do you want to know? :)
> 
> 
> Of course you have ;-)  What I wanted to know ... well, just gossip
> really.
> 
> 
> 
> How does their project compare to the BetterCrypto project?  Can we
> shut up shop now that the IETF is in the game?  Is there a very
> different purpose?  Or are they just faffing around in committee
> again...
> 
> Does the RFC format help?  I would have thought the notion of
> publishing an RFC was strictly wrong because security is an arms
> race and only a dynamic document process can help.
> 
> How did their work compare to BetterCrypto's advice?  Was there
> anything in there that we didn't know?  Is there anything they
> didn't know?
> 
> Is their advice useful to ... whom?  sysadms?  Implementors?
> Designers? I gave it a quick skim and it seemed to be rather ...
> useless to sysadms for example.
> 
> 
> 
> Really, gossip!  As you might know there is this rolling foodfight
> over protocol design going on over at IETF as people are pointing
> out that the process they use might be part of the problem not the
> solution.
> 
> 
> 
> iang


