On 8/21/18 at 7:24 AM, stephen.farr...@cs.tcd.ie (Stephen Farrell) wrote:
I agree. Quoting the meat of the abstract of RFC8446:
    TLS allows client/server applications to communicate over the
    Internet in a way that is designed to prevent eavesdropping,
    tampering, and message forgery.
I spent some time thinking about integrity protected,
authenticated, replay resistant protocols during the late 1990s
as the crypto wars were running hot and heavy. I decided the
problem wasn't as simple as the fully encrypted protocols of
which TLS is an example.
A number of people have concerns about building connections with
no secrecy, even when secrecy is desired by the endpoints,
either because of specification errors or because of downgrade
attacks. I share those concerns, and would be willing to
consider a protocol that uses entirely different packet
identifiers from those used by TLS as a way to reduce this problem.
I do think that the TLS working group is well qualified to
analyse the design of such a protocol.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | Since the IBM Selectric, keyboards have gotten
408-356-8506 | steadily worse. Now we have touchscreen keyboards.
www.pwpconsult.com | Can we make something even worse?
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls