Russ,

On 02/10/17 22:43, Russ Housley wrote:
>> For starters, though, I'd be interested in answers from the authors to
>> two quick questions, though I suspect I can guess 'em:
>> 
>> 1. TLS1.3 has had significant formal analysis. Did the authors or
>> other proponents here do any such work and if so can you send a
>> pointer to your results? If not, then I believe the onus is on the
>> folks who want to break TLS to do that work themselves if they want
>> to make a serious proposal and it is not ok IMO to try to put that
>> work onto the community who have been working hard for years to
>> make TLS stronger.
> 
> I would be willing to work with the people that did the formal
> analysis to show the impact of including the extension, and making
> changes to the extension that are indicated by that analysis.
> 

IMO, that's not a good answer. When improving the security
properties of the protocol it may suffice. When weakening
the protocol, I strongly believe the onus is on you to have
done that work ahead of time, so that the damage you are
proposing the Internet suffers is clear and known and not
discovered years later.

>> 2. Which of the hundreds of applications making use of TLS did you
>> analyse before proposing this? If only a handful, then same comment
>> wrt where the onus ought to lie.
> 
> Just like TLS 1.3 has been implemented and tested with many
> applications during its development, I would expect the same to
> happen in those environments where there is interest in making use of
> this extension.

The TLS WG has spent an awful lot of effort on (I think)
every single semantic difference between TLS1.2 and TLS1.3.
(0-RTT for example.) You are now asking that everyone else
do work to figure out how your proposal damages their uses
of TLS so that this supposed use case is dealt with. I think
you and other proponents of breaking TLS need to spend that
effort yourselves. (This is because as you know there is no
way to limit the damage of your proposal to only the use-cases
that are the claimed targets for this bad idea.)

So yes, those answers are as I expected and, just as
unsurprisingly, utterly unsatisfactory.

S.

> 
> Russ
> 
> 

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls