Re: [TLS] Alternative ESNI?

2018-12-19 Thread Kathleen Moriarty
Hey EKR, Sent from my mobile device > On Dec 18, 2018, at 4:48 PM, Eric Rescorla wrote: > > > >> On Tue, Dec 18, 2018 at 10:54 AM Kathleen Moriarty >> wrote: >> Just a clarifying question inline >>> On Sun, Dec 16, 2018 at 3:30 PM Eric Rescorla wrote: >>> >>> On Sun, Dec 16, 2018 at

Re: [TLS] Alternative ESNI?

2018-12-18 Thread Viktor Dukhovni
> On Dec 18, 2018, at 4:48 PM, Eric Rescorla wrote: > > To my knowledge, no generic browser client does DNSSEC validation, for the > reason that when people have looked at it it created unacceptable failure > rates. Agreed. That's a pretty safe bet. The last-mile problem is still with us f

Re: [TLS] Alternative ESNI?

2018-12-18 Thread Eric Rescorla
On Tue, Dec 18, 2018 at 10:54 AM Kathleen Moriarty < kathleen.moriarty.i...@gmail.com> wrote: > Just a clarifying question inline > On Sun, Dec 16, 2018 at 3:30 PM Eric Rescorla wrote: > >> >> >> On Sun, Dec 16, 2018 at 11:45 AM Paul Wouters wrote: >> >>> On Fri, 14 Dec 2018, Eric Rescorla wrote

Re: [TLS] Alternative ESNI?

2018-12-18 Thread Kathleen Moriarty
Just a clarifying question inline On Sun, Dec 16, 2018 at 3:30 PM Eric Rescorla wrote: > > > On Sun, Dec 16, 2018 at 11:45 AM Paul Wouters wrote: > >> On Fri, 14 Dec 2018, Eric Rescorla wrote: >> >> > However, in a large number of cases (e.g., an attacker on your local >> network, >> > there are

Re: [TLS] Alternative ESNI?

2018-12-18 Thread Nico Williams
On Fri, Dec 14, 2018 at 08:53:47PM -0600, Nico Williams wrote: > Figure 1: Alternative ESNI w/o active protection Figure 1 was expositional. Please forget it. > Figure 2: Alternative ESNI w/ active protection > Figure 3: Alternative ESNI w/ active protec

Re: [TLS] Alternative ESNI?

2018-12-17 Thread Nico Williams
On Tue, Dec 18, 2018 at 01:58:53AM +, Stephen Farrell wrote: > On 17/12/2018 23:33, Nico Williams wrote: > > Maybe we do both, the current ESNI proposal and this as an alternative > > for when ESNI keyshare orchestration is difficult, and in that case you > > don't get to do split mode. > > In

Re: [TLS] Alternative ESNI?

2018-12-17 Thread Viktor Dukhovni
> On Dec 17, 2018, at 8:58 PM, Stephen Farrell > wrote: > > That said, I'd bet we're all generally unkeen on "do both" but > maybe the above-mentioned PR avoids that by casting the HRR-mode > as way to better handle a likely operational failure mode. I guess the reason I started thinking along

Re: [TLS] Alternative ESNI?

2018-12-17 Thread Stephen Farrell
On 17/12/2018 23:33, Nico Williams wrote: > > Maybe we do both, the current ESNI proposal and this as an alternative > for when ESNI keyshare orchestration is difficult, and in that case you > don't get to do split mode. Interesting that the above overlaps a bit with the PR davidben just posted

Re: [TLS] Alternative ESNI?

2018-12-17 Thread Nico Williams
On Sat, Dec 15, 2018 at 01:08:50PM +, Stephen Farrell wrote: > On 15/12/2018 02:53, Nico Williams wrote: > > OpenSSL extracts and uses SNI from session resumption tickets. > > > > This gave Viktor Dukhovni and Matt Caswell an idea that I'll relay here > > on their behalf. > > I agree this is

Re: [TLS] Alternative ESNI?

2018-12-16 Thread Eric Rescorla
On Sun, Dec 16, 2018 at 11:45 AM Paul Wouters wrote: > On Fri, 14 Dec 2018, Eric Rescorla wrote: > > > However, in a large number of cases (e.g., an attacker on your local > network, > > there are non-DNSSEC ways of obtaining this property, such as using DoH. > > Data origin authenticity is not t

Re: [TLS] Alternative ESNI?

2018-12-16 Thread Paul Wouters
On Fri, 14 Dec 2018, Eric Rescorla wrote: However, in a large number of cases (e.g., an attacker on your local network, there are non-DNSSEC ways of obtaining this property, such as using DoH. Data origin authenticity is not the same as transport security. DoH offers no guarantee that the non

Re: [TLS] Alternative ESNI?

2018-12-15 Thread Eric Rescorla
On Sat, Dec 15, 2018 at 12:01 PM Viktor Dukhovni wrote: > > > > On Dec 15, 2018, at 8:08 AM, Stephen Farrell > wrote: > > > > I don't see any point in considering the variant with the easy > > active attack though; > > For the record the easy MiTM attack requires on-path TCP termination, > only

Re: [TLS] Alternative ESNI?

2018-12-15 Thread Eric Rescorla
On Sat, Dec 15, 2018 at 12:41 PM Stephen Farrell wrote: > If browsers found one of the schemes attractive and the other > not, that'd I think be a winning argument - unfortunately, but > realistically, that'd win all arguments about trade-offs in > terms of potential for privacy improvement. > I

Re: [TLS] Alternative ESNI?

2018-12-15 Thread Viktor Dukhovni
[ After this comment, stepping back for a while, I want to hear what others think about the general shape of the alternative... ] > On Dec 15, 2018, at 3:40 PM, Stephen Farrell > wrote: > >> For opportunistic discovery, yes also DNS, but the DNS record would >> just hold a stable indication o

Re: [TLS] Alternative ESNI?

2018-12-15 Thread Stephen Farrell
Hiya, On 15/12/2018 20:00, Viktor Dukhovni wrote: > > >> On Dec 15, 2018, at 8:08 AM, Stephen Farrell >> wrote: >>e >> I don't see any point in considering the variant with the easy >> active attack though; > > For the record the easy MiTM attack requires on-path TCP termination, > only disc

Re: [TLS] Alternative ESNI?

2018-12-15 Thread Viktor Dukhovni
> On Dec 15, 2018, at 8:08 AM, Stephen Farrell > wrote: > > I don't see any point in considering the variant with the easy > active attack though; For the record the easy MiTM attack requires on-path TCP termination, only discloses the SNI name, and the full handshake then fails. It looks t

Re: [TLS] Alternative ESNI?

2018-12-15 Thread Eric Rescorla
On Fri, Dec 14, 2018 at 9:48 PM Nico Williams wrote: > On Fri, Dec 14, 2018 at 08:01:35PM -0800, Eric Rescorla wrote: > > On Fri, Dec 14, 2018 at 6:54 PM Nico Williams > wrote: > > > OpenSSL extracts and uses SNI from session resumption tickets. > > > This gave Viktor Dukhovni and Matt Caswell a

Re: [TLS] Alternative ESNI?

2018-12-15 Thread Stephen Farrell
Hi Nico, On 15/12/2018 02:53, Nico Williams wrote: > OpenSSL extracts and uses SNI from session resumption tickets. > > This gave Viktor Dukhovni and Matt Caswell an idea that I'll relay here > on their behalf. I agree this is worth exploring, though am not sure if it'd be better in the end. (I

Re: [TLS] Alternative ESNI?

2018-12-14 Thread Nico Williams
On Fri, Dec 14, 2018 at 08:01:35PM -0800, Eric Rescorla wrote: > On Fri, Dec 14, 2018 at 6:54 PM Nico Williams wrote: > > OpenSSL extracts and uses SNI from session resumption tickets. > > This gave Viktor Dukhovni and Matt Caswell an idea that I'll relay here > > on their behalf. > > > > Also, wh

Re: [TLS] Alternative ESNI?

2018-12-14 Thread Eric Rescorla
On Fri, Dec 14, 2018 at 6:54 PM Nico Williams wrote: > OpenSSL extracts and uses SNI from session resumption tickets. > > This gave Viktor Dukhovni and Matt Caswell an idea that I'll relay here > on their behalf. > > Also, while we're at it, I'd like to note that SNI is not the only thing > requi

[TLS] Alternative ESNI?

2018-12-14 Thread Nico Williams
OpenSSL extracts and uses SNI from session resumption tickets. This gave Viktor Dukhovni and Matt Caswell an idea that I'll relay here on their behalf. Also, while we're at it, I'd like to note that SNI is not the only thing requiring privacy protection from the client. There's also the PSK iden