Re: [TLS] WG Adoption call for draft-sbn-tls-svcb-ech

2023-03-28 Thread Jan Schaumann
Martin Thomson wrote:
> Adopt.  But please include an example, even if the public key is 
> 0x010203040506...

+1 on including an example.

-Jan

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


Re: [TLS] [TLS-NO-AUTH] Proposal to skip TLS authentication for entertainment purposes

2023-03-23 Thread Jan Schaumann
Hans Petter Selasky wrote:

> As a proposal in general, entertainment content providers, do not require
> the same level of confidence, that the data really comes from the server as
> the security certificate indicates, which other content providers like banks
> require.

It sounds to me like this approach makes inappropriate
assumptions about end-users' threat models and allows
a class of malleability attacks which could range
from simple data corruption to - conceivably, under
the right circumstances - arbitrary code execution.

To me, transport _security_ does indeed require all
three of confidentiality, integrity, and
authenticity.

-Jan
