On Mar 25, 2020, at 3:30 AM, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote:
> Thanks a lot for your comments. I guess you understand that I am always a bit
> nervous when the results of non-public conversations dictate the problem
> space. I have seen it often enough that people have made their measurements
> wrong, had wrong configuration, or had simply misunderstood concepts.

Sure. My $0.02 here is that even in the absence of quantitative evidence, we know that the recommendations in the document aren't wrong. i.e. there is little need to have a certificate chain 6 layers deep. There is little need to have each certificate be 16K in size.

We may not be *exactly* sure why those things happen. But we can make recommendations for what *should* happen. And, explain why certain (guessed) practices are likely to be wrong.

> It sounds like we need a "myth-busting" document. Of course, it isn't certain
> whether the decision makers will indeed read RFCs but it would be worthwhile
> a try.

I think this is it, for the most part.

> Also it appears that the authors could do something really actionable here,
> namely to update the hostap code to update the roundtrip limit.

Hostap supports 50 round trips for TLS ACKs, and 100 if it's exchanging data. This seems reasonable.

> PS: Why aren't you a co-author on this document? You know more about this
> than anyone else.

I'm one of the few willing to *talk* about it. Most everyone else who has this data its buried 6 levels deep in a large organization.

Alan DeKok.