Ryan Carboni <rya...@gmail.com> writes:

>I've never quite understood what TLS was supposed to be protecting against,
>and whether or not it has done so successfully, or has the potential to do so
>successfully.

It's the Inside-Out Threat Model (also shared by a number of other security protocols, it's not just TLS), "our defence is SSL/TLS/IPsec/PKI/… and our threat model is whatever that happens to defend against". DNSSEC is a classic example of this, the DNSSEC requirements doc was published *a decade* after DNSSEC itself. Mind you, other protocols are still waiting for their requirements doc to be published. PKIX specifically actively declined to consider use cases because heck, this is a standards committee dammit, we can't be expected to take into account what people want to do with it.

Mind you, in the absence of any success criteria, no-one can say you've failed...

Peter.