Hi,
On 3/28/23 00:39, Hal Murray wrote:
> h...@selasky.org said:
>> A typical video stream of 4 MBit/s may produce on average 333 packets per
>> second, and I ask a simple question if it is really needed to authenticate
>> all of those packets while the user sits in a chair and eats popcorn?
>
> Are you sure there is a user eating popcorn?

The majority - yes.

> Are there any 0-day exploits in your video system?

That's a reminder to not use overcomplicated and secret-sauce video
codecs. Probably there is a 0-day exploit in the .mp4 codec already,
implanted by secret services. Who knows. Nice to get rid of it!

> Is that middle box doing the right thing?

If someone tampers with the internet in my town, the half a mile it goes down to
the bank, I'm pretty sure I'll figure it out myself. But you know how
ISPs like to do it, they send the traffic hundreds of miles to the
nearest data/recording center, and then send it back again. Encryption
will never solve that problem, internet traffic goes way longer than it
should. In fact governments require access to crypto keys so they can
decrypt all traffic anyway - so what are you saying about middle boxes
doing again .... and encryption can do something about it? Nah, I don't
think so.

> The main problem I see with your proposal is that it adds complexity.
> Everybody using TLS will now have to consider what happens if your option gets
> enabled and/or how to make sure that it doesn't get enabled. Security is
> complicated. Making it more complicated is a step in the wrong direction.

Yes, that's why I want a central change in this area, and not something
custom, to avoid a big fight about the next httpX protocol.

> Does your popcorn eating user need TLS at all?

That's a good question. People eating popcorn while watching movies on
the TV probably also know how their internet works - so I guess the
answer is no :-)
--HPS
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls