[TLS]Re: Trust Anchor Negotiation Surveillance Concerns and Risks

> Isn’t the most obvious issue that more than one party have the private keys? This is inaccurate. Trust Expressions does not define or propose any form of key escrow, nor are there any changes to which parties control the private keys of a connection. I encourage you (and others!) to read the

[TLS]Re: Curve-popularity data?

arass one of the chairs, especially given that this episode was released 8 months ago. -dadrian On Mon, Jun 3, 2024 at 12:34 PM D. J. Bernstein wrote: > Thanks to Martin Thomson, Bas Westerbaan, and David Adrian for the > measurement data. I'm still puzzled as to what led to the statement tha

[TLS]Re: Curve-popularity data?

I don't really see why popularity of previous methods is relevant to picking what the necessarily new method will be is, but from the perspective of Chrome on Windows, across all ephemeral TCP TLS (1.2 and 1.3, excluding 1.2 RSA), the breakdown is roughly: 15% P256 3% P384 56% X25519 26%

[TLS]Re: WG Adoption for TLS Trust Expressions

Hi Dennis, There is certainly a discussion to be had about how well Trust Expressions solves problems experienced by the HTTPS ecosystem and the Web PKI today. However, that requires moving past repeated, unsubstantiated claims about how Trust Expressions enables government surveillance,

Re: [TLS] Confirming consensus: TLS1.3->TLS*

I recognize I don't participate on this list very often, but I also agree with TLS 4.0 and Dan's argument. I teach an undergraduate security course at Michigan; students have enough trouble keeping track of SSL vs TLS versions as it is. Jumping to 4.0 allows us to end this versioning debacle now.

Re: [TLS] TLS client puzzles

On Wed, Jun 29, 2016 at 12:25 PM Brian Smith wrote: > Dmitry Khovratovich wrote: > > It allows cheap and memoryless verification by the server even though the > > puzzle solving guaranteely requires dozens of MB of RAM from a client > > I feel like