On Thu, Sep 12, 2013 at 08:28:56PM -0400, Paul Wouters wrote:
Stop making crypto harder!
I think you're arguing that active attacks are not a concern. That's
probably right today w.r.t. PRISMs. And definitely wrong as to cafe
shop wifi.
The threat model is the key. If you don't care about

On Thu, 12 Sep 2013, Nico Williams wrote:
Note: you don't just want BTNS, you also want RFC5660 -- IPsec
channels. You also want to define a channel binding for such channels
(this is trivial).
To summarize: IPsec protects discrete *packets*, not discrete packet
*flows*. This means that

On Thu, Sep 12, 2013 at 12:04 PM, Nico Williams n...@cryptonector.com wrote:
Note: you don't just want BTNS, you also want RFC5660 -- IPsec
channels. You also want to define a channel binding for such channels
(this is trivial).
I am not convinced. It's supposed to be *better than nothing*.