[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: TLS NPN (Next Protocol Negotiation)
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: TLS NPN (Next Protocol Negotiation)
- From: Gregory Maxwell <gmaxwell@xxxxxxxxx>
- Date: Tue, 17 Aug 2010 19:08:59 -0400
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Tue, 17 Aug 2010 19:09:05 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=M+1Xn1Hvt92K5J0EbxA5ashd86Sgxw9rWLmccUrA2ds=; b=r2v9/TlVFxbl8bpFdTw0NtPWFJgw8I9BfFnCdjW2ALpMRk0DXSEZn4FfwRZ+wX0on9 WHGoEmd+4p/oqemvSOkVUnsHqvPVfr5QqCBR4T68nIMI54Rk0u+/HNXrtG46lktXIOSS Srdi9w6ElTdFRCmoEMbL8rAjnZtHqiTeWjipM=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=J0uswSpmSMRZBiaTdrmrB6R1li+8sSQ2Z2VTplxy5LOnu6FVbO94M6G/P55thyy33e CCMeKvJ2/ja7ewVMyi9igEVxqnS9y8DC79PTBibcfn2EDl+V+KF2XFuiTGnww7vGe0rl 8bw1DX+QIamuqFFz0L9ZSF/ddFFFtKcmrIQys=
- In-reply-to: <20100817060827.GA2493@sescenties>
- References: <20100817060827.GA2493@sescenties>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Tue, Aug 17, 2010 at 2:08 AM, Seth David Schoen <schoen@xxxxxxx> wrote:
[snip]
> I'm tempted to reply pointing out that _all_ uses of TLS represent
> at least potential support for a threat model in which a network
> operator is the adversary whom users are trying to defend against.
> So there's not much conceptually new about having TLS reduce network
> operators' control over traffic, although some of the people in
> the discussion seem to feel there is a qualitative difference
> between, say, keyword filtering and protocol filtering.
s/network operator/someone with access to the network/
A protocol which places the service type outside of the crypto isn't
_only_ vulnerable to the formal operators of the network it's just
simply vulnerable. If you can trust that people with access to the
network are trustworthy then why are you using TLS at all?
If the IETF wishes to make the protocol subject to control by network
operators then they should incorporate an explicit cryptographically
secured backdoor (i.e. something similar to key escrow). This would be
bad from a privacy and security perspective, but because it would be
explicit it would still be arguably superior to INTENTIONALLY MAKING
THE PROTOCOL IMPLICITLY VULNERABLE NOT ONLY TO THE PEOPLE YOU ARE
EXPECTED TO TRUST BUT TO THE ENTIRE WORLD. ahem.
I feel better now.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/