Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-09-19 Thread Dave Garrett
On Saturday, September 19, 2015 04:06:37 pm Salz, Rich wrote:
> On Friday, September 18, 2015 04:25:39 pm Julien ÉLIE wrote:
> > The concern will be when TLS 1.2 is declared "flawed". Maybe one day it will
> > be considered insecure; and then, compliant TLS implementations won't be
> > able t

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-09-19 Thread Salz, Rich
> Well, it is true that NNTP can stay on TLS 1.2. News clients and news servers
> can implement TLS 1.2 and use it.
> The concern will be when TLS 1.2 is declared "flawed". Maybe one day it will
> be considered insecure; and then, compliant TLS implementations won't be
> able to use compression

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-09-19 Thread Geoffrey Keating
Julien ÉLIE writes:
> Unless you are speaking of an update of the NNTP protocol to add a new
> compression capability (for instance with the use of a new COMPRESS
> command with possible arguments), that could be used by clients?
> Well, it will require some work to specify it. Not to speak of i

Re: [TLS] Should we require implementations to send alerts?

2015-09-19 Thread Viktor Dukhovni
On Sat, Sep 19, 2015 at 03:14:07PM +0200, Kurt Roeckx wrote:
> But I wonder in which cases it's important to receive the fatal
> alert. I guess it's the cases where it can tell you that
> connecting again might work, and so would only be during the
> handshake. The only case I can think of is so

Re: [TLS] Should we require implementations to send alerts?

2015-09-19 Thread Kurt Roeckx
On Wed, Sep 16, 2015 at 01:54:20PM +0200, Florian Weimer wrote:
> On 09/16/2015 01:51 PM, Henrik Grubbström wrote:
> > On Wed, Sep 16, 2015 at 12:02 PM, Florian Weimer wrote:
> >> On 09/15/2015 06:29 PM, Nico Williams wrote:
> > [...]
> >>>
> >>> But if you have a fatal error you'll be closing imm

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-09-19 Thread Julien ÉLIE
Hi Loganaden,

> If compression is dropped at the TLS layer, you can still do it at the layer above it.

Indeed.

> And, it's probably a better idea to do it in the layer above.

Then how will the news server know that the client is compressing data after the use of STARTTLS where a security
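
The question above (how a server learns that the peer has started compressing once compression lives above TLS) is usually answered with an explicit negotiation step. The following is an added example, not code from the thread or from any NNTP implementation: a toy line protocol in which a COMPRESS command (modelled on the command floated in this thread) switches on DEFLATE for both directions only after the server has acknowledged it in the clear. The command name, the DEFLATE argument and the reply codes are assumptions for illustration; STARTTLS is modelled as a state flag and no real TLS is performed.

```python
import zlib

# Added example: a toy line protocol in which compression is negotiated
# *above* TLS with an explicit command, so the server knows exactly when
# the client starts sending compressed data. The COMPRESS command, the
# DEFLATE argument and the reply codes are assumptions for this example
# (the thread only floats such a command); they are not an NNTP standard.
# STARTTLS is modelled as a state flag only; no real TLS is performed.


class Peer:
    """One end of the connection: tracks whether compression is on and
    wraps/unwraps every message accordingly."""

    def __init__(self):
        self.compress_active = False
        self._deflate = None   # outgoing stream
        self._inflate = None   # incoming stream

    def activate(self):
        self.compress_active = True
        self._deflate = zlib.compressobj()
        self._inflate = zlib.decompressobj()

    def wrap(self, data: bytes) -> bytes:
        if not self.compress_active:
            return data
        # Z_SYNC_FLUSH so the peer can decode each message as it arrives
        return self._deflate.compress(data) + self._deflate.flush(zlib.Z_SYNC_FLUSH)

    def unwrap(self, data: bytes) -> bytes:
        if not self.compress_active:
            return data
        return self._inflate.decompress(data)


class Server(Peer):
    def __init__(self):
        super().__init__()
        self.tls_active = False
        self.last_raw = b""    # bytes as seen on the wire, for inspection

    def handle(self, raw: bytes) -> bytes:
        self.last_raw = raw
        line = self.unwrap(raw).rstrip(b"\r\n")
        verb = line.split(b" ", 1)[0]
        if line == b"STARTTLS":
            self.tls_active = True
            return self.wrap(b"382 Continue with TLS negotiation\r\n")
        if verb == b"COMPRESS":
            if not self.tls_active:
                return self.wrap(b"483 Use STARTTLS first\r\n")
            if self.compress_active:
                return self.wrap(b"502 Compression already active\r\n")
            algo = line.split(b" ", 1)[1] if b" " in line else b""
            if algo != b"DEFLATE":
                return self.wrap(b"503 Unsupported compression algorithm\r\n")
            reply = self.wrap(b"206 Compression active\r\n")  # still plaintext
            self.activate()  # everything after this reply is compressed
            return reply
        if verb == b"ARTICLE":
            return self.wrap(b"220 0 <msg@example> article follows\r\n"
                             b"Subject: test\r\n\r\nhello\r\n.\r\n")
        return self.wrap(b"500 Unknown command\r\n")


class Client(Peer):
    def __init__(self, server: Server):
        super().__init__()
        self.server = server

    def send(self, line: bytes) -> bytes:
        reply = self.unwrap(self.server.handle(self.wrap(line + b"\r\n")))
        # switch on compression only once the server has confirmed it
        if line.startswith(b"COMPRESS ") and reply.startswith(b"206"):
            self.activate()
        return reply


def demo() -> dict:
    """Run the negotiation and return the replies plus the raw bytes the
    server saw for the first compressed command (constructed sample run)."""
    srv = Server()
    cli = Client(srv)
    out = {}
    out["compress_before_tls"] = cli.send(b"COMPRESS DEFLATE")
    out["starttls"] = cli.send(b"STARTTLS")
    out["compress"] = cli.send(b"COMPRESS DEFLATE")
    out["article"] = cli.send(b"ARTICLE <msg@example>")
    out["article_raw"] = srv.last_raw
    out["compress_again"] = cli.send(b"COMPRESS DEFLATE")
    out["server_compressing"] = srv.compress_active
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The ordering is the whole point: the server builds its 206 reply before it flips its own state, and the client flips its state only after it has read that reply, so neither side ever has to guess whether the next bytes are compressed. Moving compression above TLS does not change the side-channel picture, though: compressing attacker-influenced input in the same stream as a secret leaks the same way whichever layer does the compressing, so the application protocol still has to decide what may share a compression context.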

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-09-19 Thread Loganaden Velvindron
On Sat, Sep 19, 2015 at 11:46 AM, Kurt Roeckx wrote:
> On Thu, Sep 17, 2015 at 01:23:19PM +, Alewa, Christos wrote:
> > Since we at HOB, use SSL to maintain long-running VPN connections, might
> > it be possible to - at least - maintain the status quo of the TLS -
> > protocol in this aspect, ena

Re: [TLS] TLS 1.3 - Support for compression to be removed

2015-09-19 Thread Kurt Roeckx
On Thu, Sep 17, 2015 at 01:23:19PM +, Alewa, Christos wrote:
> Since we at HOB, use SSL to maintain long-running VPN connections, might it
> be possible to - at least - maintain the status quo of the TLS - protocol in
> this aspect, enabling and disabling compression if needed?

If compressio

Re: [TLS] Should we require implementations to send alerts?

2015-09-19 Thread Kurt Roeckx
On Thu, Sep 17, 2015 at 03:37:29PM -0700, Brian Smith wrote:
>
> A conformant TLS 1.3 implementation will not be version intolerant. If the
> client does insecure version fallback in response to an alert or connection
> close by a conformant TLS 1.3 implementation then it is guaranteed to be
> doi