[cryptography] TLS2

ianG iang at iang.org
Mon Sep 30 08:18:33 EDT 2013


(repost from Crypto with a Kapital C, slightly editted.  I think this is 
more software engineering than crypto).


On 28/09/13 20:07 PM, Stephen Farrell wrote:

> b) is TLS1.3 (hopefully) and maybe some extensions for earlier
>     versions of TLS as well


SSL/TLS is a history of fiddling around at the edges.  If there is to be 
any hope, start again.  Remember, we know so much more now.  Call it
TLS2 if you want.

Start with a completely radical high-level set of requirements.

Why not do the requirements, then ask for competing proposals?  Choose 
the one.  There are a dozen teams here who could produce it.

It worked for NIST, and committees didn't work for anyone.

A competition for TLS2 would bring out the best and leave the bureaurats 
fuming and powerless.



iang


More information about the cryptography mailing list