On Fri, Aug 1, 2014 at 11:16 AM, Joe Touch <[email protected]> wrote: > If the sole goal is anti-monitoring, we have what we need.
See the Opportunistic Security draft. > I also fear that a TCP-based solution might present a misleading view that a > session is E2E protected when a MITM acts as a TCPINC proxy; TLS already has > well-established procedures by which users can examine a certificate and > determine whether to trust it. Building that into an OS and integrating its > management with the user application (esp. legacy apps) isn't going to be as > intuitive. I agree. I see this effort as part of the OS (opportunistic security) effort: you get protection from passive attackers that you'd not have gotten otherwise, but no protection from MITMs without doing a bit of extra work. Now, the "extra work" to get protection from MITMs can be relatively minor: in a DNSSEC/DANE world it's just a matter of discovering the server's public key with DNSSEC and then using it to authenticate the server's side of the key exchange. API-wise there's several ways to do this, and some would be really easy to use, but let's not go into it. The point is that we have a path to make things better all around, and that's what OS is all about. Nico -- _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
