ietf-nntp TLS cipher renegotation to NULL cipher

[Russ Allbery]

Charles Lindsey <chl at clw.cs.man.ac.uk> writes:
> Ken Murchison <ken at oceana.com> writes:

>> Encrypting data that doesn't need to be encrypted is good for overall 
>> security of the system.

> And the mind boggles at the shear non-seuqiturness of that non-sequitur.

It made perfect sense to me.  I'm not sure that I agree, but it's a
reasonable position.

> There seems to be a total lack of understanding in other communities of
> the sheer volume carried by large NNTP servers. And the idea that they
> should spend money on installing hardware encryptors for material that
> never needed encrypting in the first place - well my mind just boggles.

Yes, and there are www servers that serve out a lot of SSL data too.  No
one can know anything about NNTP unless someone bothers to tell them.

I see no benefit gained from making these sorts of comments.  They just
insult other people and do not get us any closer to practical solutions or
analysis of problems, including where NNTP problems are similar or
different from problems in other protocols.  No one is trying to get
anyone to do anything that doesn't work for their protocol, but no one is
an expert on everything that is done out there.  And sometimes the things
that seem to be unique to a particular protocol aren't, after one gets
some hard numbers and detailed information.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>