Benjamin Kaduk wrote:
> On 11/09/2016 11:42 AM, Martin Rex wrote:
> > Nobody so far has provided a single example of *REAL* value.
> >
> > For the hiding of ContentType to provide real value, the prerequisites are:
> >
> > (1) this value will be _unconditionally_ provided in TLSv1.3
> >
> > (2) this value can be demonstrated to be a real security issue in TLSv1.2,
> >     for existing usage scenarios, where hiding of ContentType is not
> >     available
> >
> > Anything less is no value, just an illusion of value.
>
> Thanks for clarifying your position. I don't think many of the other
> people in the thread are using the same definition of "value", which has
> led to a lot of confusion.
>
> However, I'm not convinced that the concrete benefit needs to be
> mandatory-to-use in TLS 1.3 to be considered to provide value.

There is a concept called "provable correctness", and folks (such as
those from the miTLS implementation) are using this approach to
check/prove whether TLS provides certain security properties (rather
than just assuming that these properties are provided).

If hiding of ContentType has *real* value, then this property will be
formally provable. If the properties that someone asserts as value
can be proven to not exist (one counterexample is sufficient),
then the value is an illusion / obscurity, and definitely not real value.

-Martin
