On Monday 07 March 2016 23:32:55 Martin Thomson wrote:
> On 7 March 2016 at 23:02, Hubert Kario <hka...@redhat.com> wrote:
> > well, if some people don't care about their implementation being
> > fingerprintable, let them be, but there should be at least a
> > recommendation what to do if you want to avoid that.
>
> I'd be very surprised if this added anything to the fingerprinting
> entropy already present in TLS implementations. You can't use this
> sort of thing to distinguish one user of NSS from another NSS user.

correct, but that's not what I meant by fingerprinting

> BTW, I'm pretty much not willing to volunteer to review the patch that
> made NSS less fingerprintable as NSS. I'm pretty sure that involves
> replacing NSS with OpenSSL.

the current fingerprinting depends on alert descriptions sent for
different invalid messages

in most cases it's just a question of changing a decode_error to
illegal_parameter or similar simple changes

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls