> On Jan 15, 2019, at 6:05 AM, Viktor Dukhovni <[email protected]> wrote:
>
> Speaking of TLS handshake data in headers, while the "cipher" and
> "group" are sufficient for TLS 1.2, where the cipher includes at
> least the public key algorithm name, they are noticeably inadequate
> for TLS 1.3, because the cipher includes only the bulk encryption
> algorithm and PRF, but not the signature algorithm. And there can be
> two signature algorithms (one in each direction) when client certs
> are in use. And I like to log the RSA key bit size or ECDSA curve
> name.

That's a lot of information. How do we balance the privacy effect of volunteering that information versus the management benefits?

-- Christian Huitema

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
