Accepted, Though bringing up kerberos illustrates the kind of case where iesg could have been a benefit. The master secret in SSL is 48 bytes, a length that gives no more security than 128 bits would for the ciphers used but which prevents embedding the encrypted master secret in the session Id to create. Kerberos like ticket.
THAT is a case where an IESG hanng on a second could have been a real value. It took many years to get a fix out for that. Sent from my GoodLink Wireless Handheld (www.good.com) -----Original Message----- From: Sam Hartman [mailto:[EMAIL PROTECTED] Sent: Saturday, December 30, 2006 10:28 AM Pacific Standard Time To: Hallam-Baker, Phillip Cc: Michael Thomas; John C Klensin; [email protected]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: IESG Success Stories >>>>> "Hallam-Baker," == Hallam-Baker, Phillip <[EMAIL PROTECTED]> writes: Hallam-Baker,> That is empirically not true. At this point we have Hallam-Baker,> precisely two cryptographic security protocols that Hallam-Baker,> can be regarded as a success: SSL and WEP. And the Hallam-Baker,> original design of both was botched. Sorry, I'd say Kerberos is a success as well as ssh. Both of them demonstrate the point you're trying to make though.
_______________________________________________ Ietf mailing list [email protected] https://www1.ietf.org/mailman/listinfo/ietf
