Re: [TLS] Fwd: New Version Notification for draft-kazuho-protected-sni-00.txt

On Wed, Jul 19, 2017 at 05:42:24AM +0200, Kazuho Oku wrote: > Hi, > > I am happy to see us having discussions on how to protected SNI. I am > also happy to see that draft-huitema-tls-sni-encryption [1] proposes > actual methods that we might want to use, and that the I-D discusses > about various

Re: [TLS] Fwd: New Version Notification for draft-kazuho-protected-sni-00.txt

Hi, Thank you for the response. I was not aware that the penetration rates of minor DNS records were low. I will read the I-D and the mailing list archive. OTOH, I think that the penetration rate being low might not be a killer for the proposal, since in the short term, SNI encryption can be an

Re: [TLS] Fwd: New Version Notification for draft-kazuho-protected-sni-00.txt

If I remember correctly, the idea of enabling SNI encryption (and 0RTT) via DNS had been brought up very early on in the discussion. draft-nygren-service-bindings was the first (only? major?) concrete proposal. In general, I think the feedback was "DNS gets filtered to only A/CNAME records so

[TLS] Fwd: New Version Notification for draft-kazuho-protected-sni-00.txt

Hi, I am happy to see us having discussions on how to protected SNI. I am also happy to see that draft-huitema-tls-sni-encryption [1] proposes actual methods that we might want to use, and that the I-D discusses about various attack vectors that we need to be aware of. On the other hand, as

[TLS] 答复: Solving the NAT expiring problem causing DTLS renegotiation with high power consumption in DTLS1.2

Thanks Wing. I am glad to discuss the technical details of CID draft with Hannes, Thomas and Nikos. Regards, Yin Xinxing -邮件原件- 发件人: Dan Wing [mailto:danw...@gmail.com] 发送时间: 2017年7月19日 0:34 收件人: yinxinxing 抄送: tls@ietf.org; Sean Turner 主题: Re: [TLS] Solving the NAT expiring problem

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

On 18/07/17 18:34, Watson Ladd wrote: I understand the logics but, since LURK boxes don’t scale, the cost to cover your entire footprint for the sporadic cases when the CA is down might be a bit prohibitive. CA reliability is not good. From my own experience, I agree that CA

Re: [TLS] 2nd WGLC: draft-ietf-tls-tls13

Timestamps outside the expected window can happen due to variances in RTT, client clock skew, etc. (we see around .1% of clients outside of a 30s window for example). Not likely to happen on a given connection, but it certainly happens enough that you don’t want to abort the connection (rather

Re: [TLS] 2nd WGLC: draft-ietf-tls-tls13

On 07/18/2017 08:07 AM, Eric Rescorla wrote: > > > On Wed, Jul 12, 2017 at 3:39 PM, Benjamin Kaduk > wrote: > > > That is, in this case, the CH+0RTT data can be replayed by an > observer once enough time has elapsed that the >

Re: [TLS] Solving the NAT expiring problem causing DTLS renegotiation with high power consumption in DTLS1.2

> On Jul 16, 2017, at 8:39 PM, yinxinxing wrote: > > Hi Wing, > > I noticed that Helloverifyrequest is optional by the server and used when DOS > is to be mitigated. > > But from practical use cases, the IOT server may not have dedicated anti-DOS > mechanism. > >

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

On Jul 18, 2017 9:26 AM, "Fossati, Thomas (Nokia - GB/Cambridge, UK)" < thomas.foss...@nokia.com> wrote: Hi Nick, Your write-up is spot on, thanks. Let me comment on a few points: “How much Delegated Credentials can be rotated and diversified inside an organization is only limited by the

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

Hi Nick, Your write-up is spot on, thanks. Let me comment on a few points: “How much Delegated Credentials can be rotated and diversified inside an organization is only limited by the operational ability of the organization that has control of the EE private key.” The self-service/agile

Re: [TLS] possible new work item: not breaking TLS

Hiya, Thanks to the chairs for allocating some agenda time for discussion of this topic at tomorrow's session. I plan to more or less present [1] instead of using slides, so if folks have a chance to read it over before we get to that agenda item tomorrow that should help speed things up a bit.

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

Okay, you said “potentially” a problem. I guess so. ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

Thomas, Thanks for your comments. Let me see if I can summarize them: - A disadvantage of delegated credentials vs short-lived certs is that it requires client opt-in. This is also a disadvantage of proxy certificates. If client support is below 100%, a LURK-type system may be required to keep

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

It's a reality of the current CT system. If a crawler sees a short-lived certificate, it will submit it to a CT log and it will be accepted. On Tue, Jul 18, 2017 at 2:45 PM Salz, Rich wrote: > > Con short-lived certs: > > - Potentially problematic to the CT ecosystem (all

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

> > Con short-lived certs: > > - Potentially problematic to the CT ecosystem (all certificates must be > logged in CT, which may bloat them). > > That's a browser policy, not an IETF requirement, right? And to be even more pedantic, it's the possible-future policy of Chrome, but not yet

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

> Con short-lived certs: > - Potentially problematic to the CT ecosystem (all certificates must be > logged in CT, which may bloat them). That's a browser policy, not an IETF requirement, right? ___ TLS mailing list TLS@ietf.org

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

Hi Nick, I am not against delegated credentials, in fact I think it’s a good thing per se. I had expressed a couple of concerns at the time the call for adoption was first issued [1], which I think are still valid. Could you please comment on / add them to your pro-cons analysis? Cheers,

Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

Sean, We've had some additional discussions in person here at IETF 99 with folks who were in the proxy certificates and short-lived certs camp, and we think there is now more agreement that the mechanism described in this draft is superior to the alternatives. I've included a summary of some of