On Mon, Mar 19, 2018 at 02:33:52PM +0100, Nikos Mavrogiannopoulos wrote:
> On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> > On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
> > >
> >
> > > If you want to use PSK with some level of privacy, you might adopt
> > > a
> >
On Mon, Mar 19, 2018 at 05:00:51PM +0100, Hubert Kario wrote:
> On Sunday, 18 March 2018 16:27:34 CET Eric Rescorla wrote:
> > After discussion with the chairs and the AD, I have opted to just add a
> > section
> > that explains the attack. I just merged that (but managed not to get it
> > into -27
On Mon, Mar 19, 2018 at 9:23 AM, Yoav Nir wrote:
[snip]
> > On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor
> wrote:
> > So if this technology were deployed on a network where not all parties
> > are mutually trusting, it would offer network users a choice between
> > surveillance by the network on
* It's difficult to speculate here about the potential impact, but isn't
another possibility that it would legitimize a mass-market of such products,
particularly if such capabilities were introduced into clients and browsers?
That is definitely a goal. The people who are in favor of this, w
On Mon, Mar 19, 2018 at 12:22:48PM -0400, Ryan Sleevi wrote:
> On Mon, Mar 19, 2018 at 10:20 AM, Colm MacCárthaigh
> wrote:
>
> > 2/ clients and browsers could easily consider such sessions insecure by
> > default. This would mean that adopters would have to deploy configurations
> > and mechanis
On Mon, Mar 19, 2018 at 01:23:30PM +, Yoav Nir wrote:
> Hi, Daniel
>
> Inline...
>
> > On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor wrote:
> >
> >
> > So if this technology were deployed on a network where not all parties
> > are mutually trusting, it would offer network users a choice bet
On Mon, Mar 19, 2018 at 10:20 AM, Colm MacCárthaigh
wrote:
> 2/ clients and browsers could easily consider such sessions insecure by
> default. This would mean that adopters would have to deploy configurations
> and mechanisms to enable this functionality, similar to - but beyond - how
> private
On Sunday, 18 March 2018 16:27:34 CET Eric Rescorla wrote:
> After discussion with the chairs and the AD, I have opted to just add a
> section
> that explains the attack. I just merged that (but managed not to get it
> into -27
> due to fumble fingering).
If there is no consensus on the recommende
Commenting purely on the straw-man proposal:
How would passive tools get to the new message if it is sent before the TLS 1.3
server Finished, given that the handshake is already encrypted by that point?
You could send it as plaintext before client Finished, but that changes the
properties of re
Dear TLS WG,
Enterprise "visibility" is a network issue, not an Internet issue, and thus, to
my _limited_ understanding, should be out of scope of IETF.
Nonetheless, enterprise security is important, and enterprise networks use
Internet technology internally, so the topic is perhaps still proce
It's true that breaking open cleartext runs counter to the mission of
end-to-end TLS, but it also seems like operators are going to do it if they
can. Whether by staying on plain RSA, using static-DH, MITM through
installing a private trusted CA, or exporting session secrets, they can
certainly do
On Mon, Mar 19, 2018 at 1:33 PM, Nikos Mavrogiannopoulos
wrote:
> On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> > On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
> > >
> > >
> > > On 3/15/2018 5:51 PM, Benjamin Kaduk wrote:
> > > > On Thu, Mar 15, 2018 at 12:25:38P
On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
> >
> >
> > On 3/15/2018 5:51 PM, Benjamin Kaduk wrote:
> > > On Thu, Mar 15, 2018 at 12:25:38PM +0100, Hubert Kario wrote:
> > > ...
> > > > we do not have a reliable mec
Hi, Daniel
Inline...
> On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor wrote:
>
> On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote:
>>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote:
>>>
>>> I fail to see how the current draft can be used to provide visibility
>>> to an IPS system in order
On Mon, Mar 19, 2018 at 6:38 AM, Daniel Kahn Gillmor
wrote:
> On Sun 2018-03-18 12:08:13 -0400, Viktor Dukhovni wrote:
>
>> The devices that might use external PSKs will likely be unavoidably
>> fingerprinted by source IP address and the target mothership.
>
> I'm not convinced that this is the ca
+1
On Mon, Mar 19, 2018 at 3:32 AM, Daniel Kahn Gillmor
wrote:
> On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote:
>>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote:
>>>
>>> I fail to see how the current draft can be used to provide visibility
>>> to an IPS system in order to detect bots t
On Sun 2018-03-18 12:08:13 -0400, Viktor Dukhovni wrote:
> The devices that might use external PSKs will likely be unavoidably
> fingerprinted by source IP address and the target mothership.
I'm not convinced that this is the case -- it's not at all clear that
IoT devices will be attached to a st
On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote:
>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote:
>>
>> I fail to see how the current draft can be used to provide visibility
>> to an IPS system in order to detect bots that are inside the bank…
>>
>> On the one hand, the bot would never o
Hi Darin,
> On 18 Mar 2018, at 16:09, Darin Pettis wrote:
>
> pushing this to another technology or WG isn't going to solve the current
> problem in time.
In time for what?
Mat
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/