[TLS] Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH

2024-08-04 Thread Amir Omidi
It doesn’t necessarily need to be malicious. With how much of software deployment being massive YAML files with tons of environment variables, mistakenly including this won’t be that difficult.

On Sun, Aug 4, 2024 at 07:00 Ilari Liusvaara wrote:
> On Sat, Aug 03, 2024 at 02:38:29PM -0700, Christ

[TLS] Re: [⚠] Re: [EXTERNAL] Adoption call for SSLKEYLOG Extension file for ECH

2024-08-02 Thread Amir Omidi
Countries like Iran would probably love if this went through. This seems like a very dangerous feature that’ll make data collection significantly easier for rogue states.

On Fri, Aug 2, 2024 at 20:10 Christian Huitema wrote:
> I agree with Andrei. SSLKEYLOG is an extremely dangerous feature.
>

[TLS] Re: TLS trust expressions and certificate_authorities

2024-06-13 Thread Amir Omidi
fingerprinting impact for this? My comments aren’t blockers by any means. It’s only me trying to understand how we imagine this draft working in these various TLS client implementations.

Amir Omidi (he/them)

On Thu, Jun 13, 2024 at 22:16 Eric Rescorla wrote:
>
>
> On Wed, Jun 12, 2024 at 5:1

Re: [TLS] Working Group Last Call for ECH

2024-03-13 Thread Amir Omidi
rt of the recovery mechanism > for misconfiguration, which means that the server needs to have a valid > certificate with that identity. > > -Ekr > > >> >> 13.03.2024, 23:40, "Amir Omidi" : >> >> I'd like to understand how the behavior of

Re: [TLS] Working Group Last Call for ECH

2024-03-13 Thread Amir Omidi
I'd like to understand how the behavior of the latest draft will be under an adversarial condition. One of the things that really excited me about ESNI back in the day was effectively making it near impossible for countries, like my home country Iran, from being able to effectively censor the web.