On Thursday, November 8, 2018, Eric Rescorla <e...@rtfm.com> wrote:

>  It's also worth noting that in practice, many sites are served on
> multiple CDNs which do not share keying material.
>
>
Encrypting common knowledge is cargo cult fetishism for cryptography. The
files could be sent unencrypted, and protected using subresource integrity.
If you are sharing the same data to multiple second parties to serve to a
single third party, the value of encryption is less than zero.


This could create a long, drawn-out argument which may prove that it is
impossible to change anything about TLS as it has reached a point where too
many people are doing too many things to it, that is outside any original
or rational design.

In any case, Eric, you inadvertently contradict yourself. The whole point
of WebPKI is to certify trust, and has been an issue over the years. But
CDNs act as an intermediary between the creator of the content and the end
user. CDNs do not have as strict requirements as do CAs in terms of
auditing, and have their own issues outside the scope of this conversation.

Like I said, this could go on forever; I’m just making one point: you
people have made a protocol that does very little of what one should expect it
to do, and the internet has evolved to be some sort of non-functioning
system, the best example of which would be that everyone has forgotten what
URI standards are supposed to be about.

In any case, TLS 1.3 won’t reach widespread adoption for another few years,
and any subsequent protocol (independent of Google’s worldwide lab
experiment) won’t be finalized for five years, and depending on how radical
it is, won’t achieve mass adoption for four to fifteen years.

By which point layer 2 protocols might allow for IPv6 jumbo packets to be
used.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
