On 2011-06-22 3:35 AM, Nico Williams wrote:
> My concern is that we already have a large number of technologies in the IETF for establishing channels[*].
We don't have a large number of satisfactory technologies. Indeed, I don't think we have any satisfactory technologies.
Among the problems with existing technologies is that they are overly reliant on trusted central authority, that due to layering they induce too many unnecessary round trips, that they lack provision for open-ended protocol negotiation, that they fail to play nice with NAT traversal, and that they have problems with real-time point-to-point communications.
The too many round trips problem leads to people, notably banks, not using encryption when they should. Too many round trips is a major factor making bank pages slow and funky, which gives rise to such infamous security flaws as the infamous unencrypted landing bank page, and the weird no name encrypted bank domain.
NAT traversal problems plus real-time problems mean that most people use roll-your-own encryption on audio and video calls over the internet, for example Skype, or, worse, no encryption at all - the bank landing page problem with knobs on.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
