Robert Moskowitz <[email protected]> writes:

>The article is unclear if this is a TLS 1.2 and/or 1.3 problem. It does
>claim that 1.3 does not fix all problems with TLS.

It's neither TLS 1.2 nor 1.3, it's an ECDSA problem. The paper happened to use TLS because it's a convenient way to probe the Internet for problematic implementations, but it's a problem with ECDSA, not with TLS. You could do the same thing with SSH, there's just a lot less of it out there, and since TLS servers are things you want everyone to see and access while SSH servers are ones you don't, I would imagine probing SSH servers in the same manner would run into a lot more problems than probing TLS ones, e.g. running into fail2ban rules and similar which would mess up your results.

As an aside, it also backs up my comments earlier about ECDH being just as problematic as DH in TLS:

  Our data shows that non-unique server ECDH parameters are very common; in
  the UCSD data almost 15% of observed connections used a non-unique set of
  server key exchange parameters.

In other words telling everyone to move from DH to ECDH just moves the same problem across to a different algorithm.

Peter.
