On Tue, Sep 17, 2013, at 04:40 AM, Scott Brim wrote:
> With the entire web moving to UDP and QUIC, tcpcrypt isn't nearly so interesting.

QUIC is pretty interesting as a protocol and does a lot of things that TCP should have evolved to do.

From a security point of view, if I understand the design documents correctly, it's really a drop-in replacement for TLS/TCP. Thus it seems to suffer from the same issues TLS does - not enabled sufficiently frequently (you can argue about why, but we've been doing that for a very long time), and dependence on the CA infrastructure. Thus it seems likely to be mostly deployed in places that already do TLS.

QUIC could, of course, take the same approach as tcpcrypt. Do encryption by default using ephemeral public keys, even with no configuration, but provide the hooks to enable various forms of authentication. From what I've read, it doesn't seem to do that. Please correct me if I misunderstood though.

Cheers,
Mark
