Re: [Lurk] lurk -- February 2018 draft; comments

2018-06-15 Thread i.boureanu@surrey.ac.uk
eda , lurk@ietf.org Subject: RE: [Lurk] lurk -- February 2018 draft; comments Hi Ioana, Please find my responses below. Yours, Daniel From: i.boure...@surrey.ac.uk Sent: Friday, June 15, 2018 1:05 PM To: Daniel Migault Cc: Stere Preda ; lurk@ietf.org Subject: Re: [Lurk] lurk -- February 2018 draft

Re: [Lurk] lurk -- February 2018 draft; comments

2018-06-15 Thread Daniel Migault
Hi Ioana, Please find my responses below. Yours, Daniel From: i.boure...@surrey.ac.uk Sent: Friday, June 15, 2018 1:05 PM To: Daniel Migault Cc: Stere Preda ; lurk@ietf.org Subject: Re: [Lurk] lurk -- February 2018 draft; comments Hi Daniel, Thanks for this. @ your question 1. So

Re: [Lurk] lurk -- February 2018 draft; comments

2018-06-15 Thread Daniel Migault
Hi Ioana, I apologize for the delay. It is still unclear to me what the Key Server is doing with the Finished message. My understanding is that the Key Server checks the Finished message. If that is the case, I believe the handshake messages also need to be provided by the edge_server to the Key

Re: [Lurk] lurk -- February 2018 draft; comments

2018-06-11 Thread Daniel Migault
If I am correct we also need to send the complete handshake_messages that is in our case ClientHello...Client Finished. Yours, Daniel On Mon, Jun 11, 2018 at 6:37 AM, wrote: > Hi Daniel, Hi all, > > I am replying to my pb I singled in myself in my last email, as per the > below. > > > > On 7

Re: [Lurk] lurk -- February 2018 draft; comments

2018-06-11 Thread Daniel Migault
On Thu, Jun 7, 2018 at 5:59 PM, wrote: > > Hi Daniel and all, > > *Daniel*, thanks for the below. I am going to come back onto the attack I > spoke of in here, on the 24th and your answer/countermeasure > > Let me recall the attack I described on the 24th of May: > > > > Namely, if one edge

Re: [Lurk] lurk -- February 2018 draft; comments

2018-06-07 Thread i.boureanu@surrey.ac.uk
Hi Daniel and all, Daniel, thanks for the below. I am going to come back onto the attack I spoke of in here, on the 24th and your answer/countermeasure Let me recall the attack I described on the 24th of May: Namely, if one edge server E1 becomes corrupt this is what it can be used to do.

Re: [Lurk] lurk -- February 2018 draft; comments

2018-05-26 Thread Daniel Migault
Hi Ioana, The current working version is available here: https://github.com/mglt/draft-mglt-lurk-tls12 The txt and mkd version are in sync. Feel free to update the text. To briefly respond to your comments: * TLS1.1 has been removed from this document. * The way we implement PFS is described

Re: [Lurk] lurk -- February 2018 draft; comments

2018-05-26 Thread i.boureanu@surrey.ac.uk
Hi Daniel, Thanks for this. Please see my answers below. On 26 May 2018, at 01:08, Daniel Migault wrote: Hi Ioana, Thanks for the feedback. I agree with you that the document should be focused on TLS 1.2. This is

[Lurk] lurk -- February 2018 draft; comments

2018-05-24 Thread i.boureanu@surrey.ac.uk
Dear all, I’ve had a look at a draft of Lurk that Daniel Migault sent me a while back; it was dated February 2018. Here comes a mix of comments: 1. I like the aspect of termination of TLS being split into different services (e.g., network + crypto); I think we should expand on this side. We