On Thu, 2016-07-07 at 10:37 +0100, Stephen Farrell wrote:
> Hiya,
> 
> Just on this one thing...
> 
> On 07/07/16 09:13, Nikos Mavrogiannopoulos wrote:
> > 
> >  does not make the situation any worse
> > than we have today.
> I don't accept that is the correct goal. That form of
> argument is what led to us standardising the HTTP
> Forwarded header field, which IMO was a disimprovement.
> (An argument I lost in the end in that case [1], but
> 'twas close, and back in 2012 so might go the other
> way today;-)
> I would argue that the correct goal is to make things
> better whenever possible, with that being especially
> important for protocols like (D)TLS on which many
> other things depend.
> I do agree that any scheme developed would need to
> meet the state management requirements of servers.
> I'm not convinced those requirements call for a new
> super-cookie though:-)

I understand your point, but I'm not fully convinced by that argumentation.
I may be wrong of course, but I'll try to explain my point. Indeed
putting privacy first should be a goal of TLS/DTLS, but to the extent
it covers the protocol goals. What you propose is to make a stream
anonymous, untrackable. However, that (anonymity or untrackability of
the stream) was never a stated goal of TLS/DTLS. In fact TLS is by
definition trackable over TCP and one can see in the clear the IPs of
the two peers communicating. That doesn't change by switching to DTLS,
except for unfortunate situations of routers losing state and client
roaming, which current servers cannot easily cope with, and that's the
problem I attempt to address.

I think the principle of doing one simple thing and doing it well
applies to protocols as well. TLS and DTLS provide a layer of
confidentiality and authenticity. Anonymity and untrackability can be
provided by other protocols focused on that, such as Tor.

regards,
Nikos

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls