Re: [Sks-devel] TLS 1.3 and HKPS pool

2018-03-23 Thread Phil Pennock
On 2018-03-23 at 13:55 +, Daniel Kahn Gillmor wrote: > Sadly, SNI and ALPN are both still in the clear in the TLS 1.3 > handshake. Ah, thank you. I hadn't read the draft, but have just read the relevant parts of v26. I don't recall what source I read which led me to believe otherwise, other

Re: [Sks-devel] SKS apocalypse mitigation

2018-03-23 Thread Daniel Kahn Gillmor
On Fri 2018-03-23 11:10:49 +, Andrew Gallagher wrote: > Updating the sets on each side is outside the scope of the recon > algorithm, and in SKS it proceeds by a sequence of client pull requests > to the remote server. This is important, because it opens a way to > implement object blacklists i

Re: [Sks-devel] TLS 1.3 and HKPS pool

2018-03-23 Thread Daniel Kahn Gillmor
On Mon 2018-03-19 17:24:07 -0400, Phil Pennock wrote: > On 2018-03-19 at 22:14 +0100, Kristian Fiskerstrand wrote: >> On 03/19/2018 10:08 PM, Phil Pennock wrote: >> > Do we care? >> >> I'm tempted to say no.. I also agree that we do not care, and should issue no guidance that encourages servers

Re: [Sks-devel] SKS apocalypse mitigation

2018-03-23 Thread Andrew Gallagher
On 23/03/18 11:10, Andrew Gallagher wrote: > Another effective method that does not require an ongoing management > process would be to blacklist all image IDs It occurs to me that this would be more wasteful of bandwidth than blocking objects by their hash, as the server would have to request the

Re: [Sks-devel] TLS 1.3 and HKPS pool

2018-03-23 Thread Henry Vindin
On Mon, Mar 19, 2018 at 11:08:13PM +0100, Kristian Fiskerstrand wrote: > On 03/19/2018 10:40 PM, Hendrik Visage wrote: > >> Now.. if anyone were to actually disable everything but 1.3, that'd be > >> exclusion worthy from the pool, but let's do this manually if so. > > > > I’ve not seen and TLS1.2

Re: [Sks-devel] SKS apocalypse mitigation

2018-03-23 Thread Yaron Minsky
FWIW, while I'm effectively no longer involved in SKS development, I do agree that this is a problem with the underlying design, and Andrew's suggestions all sound sensible to me. On Fri, Mar 23, 2018 at 7:10 AM, Andrew Gallagher wrote: > Hi, all. > > I fear I am reheating an old argument here, b

[Sks-devel] SKS apocalypse mitigation

2018-03-23 Thread Andrew Gallagher
Hi, all. I fear I am reheating an old argument here, but news this week caught my attention: https://www.theguardian.com/technology/2018/mar/20/child-abuse-imagery-bitcoin-blockchain-illegal-content tl;dr: Somebody has uploaded child porn to Bitcoin. That opens the possibility that *anyone* usin