On Mon, Mar 19, 2018 at 02:33:52PM +0100, Nikos Mavrogiannopoulos wrote:
> On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> > On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
> > >
> >
> > > If you want to use PSK with some level of privacy, you might adopt
> > > a
>
On Mon, Mar 19, 2018 at 05:00:51PM +0100, Hubert Kario wrote:
> On Sunday, 18 March 2018 16:27:34 CET Eric Rescorla wrote:
> > After discussion with the chairs and the AD, I have opted to just add a
> > section
> > that explains the attack. I just merged that (but managed not to get it
> > into
On Mon, Mar 19, 2018 at 9:23 AM, Yoav Nir wrote:
[snip]
> > On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor
> wrote:
> > So if this technology were deployed on a network where not all parties
> > are mutually trusting, it would offer network users a
* It's difficult to speculate here about the potential impact, but isn't
another possibility that it would legitimize a mass-market of such products,
particularly if such capabilities were introduced into clients and browsers?
That is definitely a goal. The people who are in favor of this,
On Mon, Mar 19, 2018 at 12:22:48PM -0400, Ryan Sleevi wrote:
> On Mon, Mar 19, 2018 at 10:20 AM, Colm MacCárthaigh
> wrote:
>
> > 2/ clients and browsers could easily consider such sessions insecure by
> > default. This would mean that adopters would have to deploy
On Mon, Mar 19, 2018 at 01:23:30PM +, Yoav Nir wrote:
> Hi, Daniel
>
> Inline...
>
> > On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor wrote:
> >
> >
> > So if this technology were deployed on a network where not all parties
> > are mutually trusting, it would offer
On Mon, Mar 19, 2018 at 10:20 AM, Colm MacCárthaigh
wrote:
> 2/ clients and browsers could easily consider such sessions insecure by
> default. This would mean that adopters would have to deploy configurations
> and mechanisms to enable this functionality, similar to - but
On Sunday, 18 March 2018 16:27:34 CET Eric Rescorla wrote:
> After discussion with the chairs and the AD, I have opted to just add a
> section
> that explains the attack. I just merged that (but managed not to get it
> into -27
> due to fumble fingering).
If there is no consensus on the
Commenting purely on the straw-man proposal:
How would passive tools get to the new message if it is sent before the TLS 1.3
server Finished, given that the handshake is already encrypted by that point?
You could send it as plaintext before client Finished, but that changes the
properties of
Dear TLS WG,
Enterprise "visibility" is a network issue, not an Internet issue, and thus, to
my _limited_ understanding, should be out of scope of IETF.
Nonetheless, enterprise security is important, and enterprise networks use
Internet technology internally, so the topic is perhaps still
It's true that breaking open cleartext runs counter to the mission of
end-to-end TLS, but it also seems like operators are going to do it if they
can. Whether by staying on plain RSA, using static-DH, MITM through
installing a private trusted CA, or exporting session secrets, they can
certainly do
On Mon, Mar 19, 2018 at 1:33 PM, Nikos Mavrogiannopoulos
wrote:
> On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> > On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
> > >
> > >
> > > On 3/15/2018 5:51 PM, Benjamin Kaduk wrote:
> > > > On Thu, Mar 15,
On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
> >
> >
> > On 3/15/2018 5:51 PM, Benjamin Kaduk wrote:
> > > On Thu, Mar 15, 2018 at 12:25:38PM +0100, Hubert Kario wrote:
> > > ...
> > > > we do not have a reliable
Hi, Daniel
Inline...
> On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor wrote:
>
> On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote:
>>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote:
>>>
>>> I fail to see how the current draft can be used to
On Mon, Mar 19, 2018 at 6:38 AM, Daniel Kahn Gillmor
wrote:
> On Sun 2018-03-18 12:08:13 -0400, Viktor Dukhovni wrote:
>
>> The devices that might use external PSKs will likely be unavoidably
>> fingerprinted by source IP address and the target mothership.
>
> I'm not
+1
On Mon, Mar 19, 2018 at 3:32 AM, Daniel Kahn Gillmor
wrote:
> On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote:
>>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote:
>>>
>>> I fail to see how the current draft can be used to provide visibility
On Sun 2018-03-18 12:08:13 -0400, Viktor Dukhovni wrote:
> The devices that might use external PSKs will likely be unavoidably
> fingerprinted by source IP address and the target mothership.
I'm not convinced that this is the case -- it's not at all clear that
IoT devices will be attached to a
On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote:
>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote:
>>
>> I fail to see how the current draft can be used to provide visibility
>> to an IPS system in order to detect bots that are inside the bank…
>>
>> On the one hand,
Hi Darin,
> On 18 Mar 2018, at 16:09, Darin Pettis wrote:
>
> pushing this to another technology or WG isn't going to solve the current
> problem in time.
In time for what?
Mat
___
TLS mailing list
TLS@ietf.org
19 matches
Mail list logo