Re: [TLS] Industry Concerns about TLS 1.3

2016-09-27 Thread Michał Staruch
On Mon, Sep 26, 2016 at 4:55 PM, Martin Rex wrote:
> And no, there can not be any valid regulations to require such
> monitoring, because _every_ to the secrecy provisions and criminalization
> requires an explicit law from the parliamentarian legislator.

GDPR Article 88 leaves the rules for processing employees' personal data
in the employment context up to the Member States - so regulations
in Germany may be different than the ones in, let's say, Poland.


About the main topic: TLS's main task is to protect privacy and data
integrity - essentially to prevent MitM. Requests that are in
direct conflict with that can't be treated seriously.

TLS needs to provide secure connections, and PFS cipher suites are
a better choice than non-PFS ones. If anyone wants (or needs) to monitor
the data, he should set proper trust boundaries, and do the monitoring
between TLS terminators.

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


Re: [TLS] Controlling use of SHA-1

2015-10-23 Thread Michał Staruch
 is broken,
> for it should then have worked around the specification brain-damage
> by selecting TLS 1.2 (presumably the client still supports that).
>
> I am perplexed that folks desperately want that server with that
> SHA-1 cert to not be able to use TLS 1.3.  Surely, the decision to
> not trust that cert (if certs are being checked at all) belongs in
> the client.
>
> Provided that weak self-signatures are not proscribed, I am resigned
> to "come what may" if nobody else thinks that proper segregation
> of duties is important, and that putting up some needless roadblocks
> to TLS 1.3 use is the price of "progress".
>
> --
> Viktor.


-- 

Pozdrawiam | Best Regards

Michał Staruch | Information Security Officer

ul. Sienkiewicza 9, 65-001 Zielona Góra

m...@cinkciarz.pl
