On Thu, Nov 21, 2013 at 12:43:25PM +0100, Brian Trammell <[email protected]> wrote a message of 16 lines which said:
> MinimaLT, YA transport layer replacement with a focus on maximizing
> confidentiality, was presented at CCS last week in Berlin;

Executive summary: each time two machines want to talk, an encrypted tunnel is automatically set up and used afterwards. The encryption setup cost is therefore paid for all the connections (until the teardown). So, some state will be necessary.

Biggest problem is that the authentication (apparently in one direction only) is done only by X.509 (so it inherits all of the problems of X.509), with certificates fetched via the DNS.

API for the applications is unclear. (It seems done mostly for a new OS, without installed base.)

(More detailed analysis, in French <http://www.bortzmeyer.org/minimalt.html>)
