On Thu, Apr 6, 2017 at 1:34 AM, Stephen Farrell
wrote:
>
>
> On 05/04/17 21:20, Subodh Iyengar wrote:
>>> With that goal in mind, wouldn't it help mitigate the threat if
>> the holder of the longer term credential (the cert subject) were to
>> include within the signature e.g. an IP address range
Fries, Steffen writes:
>One concern is that once in a while the support for TLS 1.2, e.g., in common
>browsers will run out and the devices need to be upgraded to support
>different versions of TLS to cope with different security policies. But well,
>this is likely to be the fate for every long l
On Apr 6, 2017 4:08 AM, "Fries, Steffen" wrote:
You are right, I did not take that option into account. But as you
mentioned, it is non-standard and with the desire is to be interoperable as
most as possible, proprietary enhancements are likely not to be favored.
>From a security standards pers
Hello,
I see your point regarding privacy and complexity arising in cache-info. Should
we use compression then instead of cache-info every time ? When should
we use cache-info and when should we use compression ?
Thanks and Regards,
Sankalp Bagaria.
On Wed, Apr 5, 2017 at 1:35 AM, Sankalp Bagari
On 05/04/17 21:20, Subodh Iyengar wrote:
>> With that goal in mind, wouldn't it help mitigate the threat if
> the holder of the longer term credential (the cert subject) were to
> include within the signature e.g. an IP address range within which
> the delegated credential is allowed to be used?
Yes, sticking to TLS 1.2 is an option. On the other hand the equipment in
scenarios like energy automation is used for a very long time. TLS is used here
to secure the communication between specific devices. Besides that, it is also
used to allow access for, e.g., service technicians via web ba
You are right, I did not take that option into account. But as you mentioned,
it is non-standard and with the desire is to be interoperable as most as
possible, proprietary enhancements are likely not to be favored.
best regards
Steffen
From: Eric Rescorla [mailto:e...@rtfm.com]
Sent: Mittwoch
