[hrpc] The IEEE project about TLS

Stephane Bortzmeyer <bortzmeyer@nic.fr> Thu, 30 March 2017 00:39 UTC

Date: Wed, 29 Mar 2017 19:39:08 -0500
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: hrpc@irtf.org
Message-ID: <20170330003908.GB26037@laperouse.bortzmeyer.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/l-dnb31PvV_uirgiwDEbuY2pR1E>
Subject: [hrpc] The IEEE project about TLS

At the plenary, someone said that the IEEE, in one of its working
groups, works on a TLS interception solution. He was not sure it was
officially adopted by the IEEE or just discussed.

It seems that it is this technical solution:

http://mctls.org/

A perfect example of the things we discuss in HRPC about the
responsibility of the engineers. Not only such "solutions" open
possible vulnerabilities in TLS (a protocol which is complicated and
sometimes brittle: changes have unintended consequences), but it is
also easy to see how it could be used for evil.