[cryptography] IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM)
James A. Donald
jamesd at echeque.com
Tue Jun 21 19:09:50 EDT 2011
On 2011-06-22 3:35 AM, Nico Williams wrote:
> My concern is that we already have a large number of technologies in
> the IETF for establishing channels[*].
We don't have a large number of satisfactory technologies. Indeed, I
don't think we have any satisfactory technologies.
Among the problems with existing technologies is that they are overly
reliant on trusted central authority, that due to layering they induce
too many unnecessary round trips, that they lack provision for
open-ended protocol negotiation, that they fail to play nice with NAT
traversal, and that they have problems with real time point to point
The too many round trips problem leads to people, notably banks, not
using encryption when they should. Too many round trips is a major
factor making bank pages slow and funky, which gives rise to such
infamous security flaws as the infamous unencrypted landing bank page,
and the weird no name encrypted bank domain.
NAT traversal problems plus real time problems mean that most people
use roll-your-own encryption on audio and video calls over the internet,
for example Skype, or, worse, no encryption at all - the bank landing
page problem with knobs on.