I've never quite understood what TLS was supposed to be protecting against,
and whether or not it has done so successfully, or has the potential to do
so successfully.
Well, I don't think anyone here even knows how to protect a mailing list
from multi-billion dollar threat actors so...???
Let me
On Sat, Oct 1, 2016 at 4:23 AM, Peter Gutmann <pgut...@cs.auckland.ac.nz>
wrote:
> Ryan Carboni <rya...@gmail.com> writes:
>
> >I've never quite understood what TLS was supposed to be protecting
> against,
> >and whether or not it has done so successfully
How should inability to access key revocation lists impact the TLS
handshake, if previous public keys and/or certificate hashes are not cached?
I cannot see this in the standard. Considering that all one has to do is
DDOS a certificate authority nowadays...
On Thursday, November 8, 2018, Eric Rescorla wrote:
> It's also worth noting that in practice, many sites are served on
> multiple CDNs which do not share keying material.
>
>
Encrypting common knowledge is cargo cult fetishism for cryptography. The
files could be sent unencrypted, and
I think I have implied that ClientHello is unneccesary to an extent, it can
be replaced by a DNS TXT record.
I think I implied that self-signed certificates are acceptable given the
precedent of Let’s Encrypt and the use of DNSSEC (has there been evidence
of DNS spoofing attacks against a CA?).