On 17 September 2013 13:17, Mark Handley <[email protected]> wrote:
>
> On Tue, Sep 17, 2013, at 04:40 AM, Scott Brim wrote:
>
>> With the entire web moving to UDP and QUIC, tcpcrypt isn't nearly so
>> interesting.
>
> QUIC is pretty interesting as a protocol and does a lot of things that TCP
> should have evolved to do.  From a security point of view, if I understand
> the design documents correctly, it's really a drop-in replacement for
> TLS/TCP.  Thus it seems to suffer from the same issues TLS does - not
> enabled sufficiently frequently (you can argue about why, but we've been
> doing that for a very long time), and dependence on the CA infrastructure.
> Thus it seems likely to be mostly deployed in places that already do TLS.
>
> QUIC could, of course, take the same approach as tcpcrypt.  Do encryption by
> default using ephemeral public keys, even with no configuration, but provide
> the hooks to enable various forms of authentication.  From what I've read,
> it doesn't seem to do that.  Please correct me if I misunderstood though.

You are right, but there's no reason not to extend QUIC to do
ephemeral encryption. That wasn't the use case we were thinking about
when we designed it.

Seems like a useful thing for the IETF to consider.
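As an added illustration of the design Mark sketches above (encryption on by default from ephemeral public keys with no configuration, plus a hook that lets an upper layer authenticate the session afterwards), here is a small self-contained Python model. It is not code from this thread, from tcpcrypt or from QUIC; the protocol details, the names (`Endpoint`, `run_handshake`, `psk_check`), the X25519 key agreement, the HKDF-style key schedule and the pre-shared-key authentication hook are all this example's own assumptions. X25519 is implemented inline from RFC 7748 so the example runs on a plain Python install.

```python
import hashlib
import hmac
import os

# --- X25519 (RFC 7748) in pure Python so no third-party package is needed ---
P = 2**255 - 19
A24 = 121665


def _clamp_scalar(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    u = bytearray(u)
    u[31] &= 127  # RFC 7748: ignore the top bit of the u-coordinate
    return int.from_bytes(u, "little") % P


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5; returns the 32-byte shared u-coordinate."""
    k, x1 = _clamp_scalar(scalar), _decode_u(u)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


BASEPOINT = (9).to_bytes(32, "little")


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class Endpoint:
    """One side of an opportunistic handshake: a fresh ephemeral key per connection, no configuration."""

    def __init__(self, priv: bytes = None):
        self.priv = priv or os.urandom(32)  # ephemeral; never stored beyond the connection
        self.pub = x25519(self.priv, BASEPOINT)
        self.key = self.session_id = None

    def complete(self, peer_pub: bytes) -> bytes:
        shared = x25519(self.priv, peer_pub)
        if shared == bytes(32):  # RFC 7748: reject the all-zero result (low-order peer point)
            raise ValueError("bad peer public key")
        transcript = b"".join(sorted([self.pub, peer_pub]))  # identical on both sides
        self.key = hkdf_sha256(shared, transcript, b"traffic key")  # would key the record layer
        # The authentication hook: an identifier of *this* session that any upper-layer
        # mechanism (PSK, signature, certificate, out-of-band comparison) can later vouch for.
        self.session_id = hkdf_sha256(shared, transcript, b"session id")
        return self.session_id


def authenticate_with_psk(session_id: bytes, psk: bytes) -> bytes:
    """One hypothetical hook: tag the session ID with a pre-shared key (assumed mechanism)."""
    return hmac.new(psk, session_id, hashlib.sha256).digest()


def psk_check(session_id: bytes, psk: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(authenticate_with_psk(session_id, psk), tag)


def run_handshake(active_mitm: bool = False):
    """Return (client_session_id, server_session_id).

    With active_mitm=True a constructed attacker relays the handshake with its own ephemeral
    keys: traffic is still encrypted hop by hop, but the two session IDs no longer match,
    which is exactly what the later authentication step is there to catch."""
    client, server = Endpoint(), Endpoint()
    if not active_mitm:
        client.complete(server.pub)
        server.complete(client.pub)
    else:
        relay_c, relay_s = Endpoint(), Endpoint()  # attacker's keys toward each side
        client.complete(relay_c.pub)
        relay_c.complete(client.pub)
        server.complete(relay_s.pub)
        relay_s.complete(server.pub)
    return client.session_id, server.session_id
```

The point of the split is the one Mark makes: the handshake alone gives confidentiality against a passive observer with zero configuration, and the exported session ID is the hook through which an optional authentication mechanism turns that into protection against an active attacker without the key agreement itself depending on any CA.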
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
