not start reusing TLS 1.3 keyshare values when under DoS attack?

--Roelof

On Wed, 05 Dec 2018 14:34:44 -0500 Viktor Dukhovni wrote
> On Dec 5, 2018, at 2:19 PM, R duToit wrote:
> > Quote: "As we will discuss later, we empirically find that at least 7.2% of HTTPS

See https://dl.acm.org/citation.cfm?id=2987480

Quote: "As we will discuss later, we empirically find that at least 7.2% of
HTTPS domains in the Alexa Top Million reuse DHE values and 15.5% reuse ECDHE
values."

On Wed, 05 Dec 2018 13:59:07 -0500 Stephen Farrell wrote
Hiya, Thanks for

I like the gist of what Tony is saying. Key escrow (it should be called
"secret escrow", but I digress) itself is not really the problem in a
datacenter - those guys struggle to solve the key distribution problem. If it
was one-server-to-one-tool then we would not be having this discussion. e

> GREASE values should not make their way into code. The whole point is to
> get code used to the fact that unknown values exist.

The GREASE mechanism is useful, but it will definitely make its way into code
and become ossified itself.

Example: https://github.com/salesforce/ja3

--Roelof

The server sending the alert at warning level while knowing that it is about to
negotiate TLS 1.3 seems to be in violation of the statement that "All alerts
listed in Section 6.2 MUST be sent with AlertLevel=fatal," - that is probably
more of an implementation issue.
The client's reaction to th