Re: [TLS] Rethink TLS 1.3
Nico Williams <nico@cryptonector.com> Mon, 24 November 2014 10:42 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2DAF1A1EF8 for <tls@ietfa.amsl.com>; Mon, 24 Nov 2014 02:42:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.533
X-Spam-Level:
X-Spam-Status: No, score=0.533 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YtFZqE9nx-zN for <tls@ietfa.amsl.com>; Mon, 24 Nov 2014 02:42:30 -0800 (PST)
Received: from homiemail-a29.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 484581A1EEF for <tls@ietf.org>; Mon, 24 Nov 2014 02:42:30 -0800 (PST)
Received: from homiemail-a29.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a29.g.dreamhost.com (Postfix) with ESMTP id 2A4DA674060; Mon, 24 Nov 2014 02:42:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to:content-transfer-encoding; s= cryptonector.com; bh=R/Rhf+omy/dwNPd5n0iz4unzK9E=; b=uahBgujuBcR n8wAKbPMH0rpsdNnU6XJ7BeL943jruo9gEk5fAVB1kt0QLJOFUueaqOuw3/8SKzQ vdi0XNsU8uMlAAHKxlcH3TbjxEpYZ3iKZ/PSTeqBMSdFvnhDdydrXjPOr8ER9spc l8DvxsI73Aodr4atCBVzx+s3cITjTmkg=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a29.g.dreamhost.com (Postfix) with ESMTPA id D60DB674059; Mon, 24 Nov 2014 02:42:29 -0800 (PST)
Date: Mon, 24 Nov 2014 04:42:29 -0600
From: Nico Williams <nico@cryptonector.com>
To: Henrick Hellström <henrick@streamsec.se>
Message-ID: <20141124104226.GE3200@localhost>
References: <CACsn0ckmYrx+S--pP6P7VgjsmqQsoYnp+m-9hTPT-OJ9waUtkA@mail.gmail.com> <5470742A.8020002@streamsec.se> <CACsn0cnKqkHxw0Hudw0OGM1mVxZKJhj04ig2G3KtURtWhYTacw@mail.gmail.com> <20141124101744.GC3200@localhost> <547308E2.6060809@streamsec.se>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
In-Reply-To: <547308E2.6060809@streamsec.se>
User-Agent: Mutt/1.5.21 (2010-09-15)
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/i7tjzA36Fan1sR43VIM-ZOffogs
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Rethink TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Nov 2014 10:42:31 -0000
On Mon, Nov 24, 2014 at 11:30:58AM +0100, Henrick Hellström wrote: > Actually, no, it doesn't. The Internet threat model is based on the > premise that both ends are uncompromised. If the client is allowing > third party javascript to connect to arbitrary HTTPS servers, > impersonating the client that runs the script, that client is > compromised. The Internet threat model always will have to assume local security. We're designing TLS. We are not really in a prosition to dictate to applications that they must not use cookies (though we can and must state clearly what applications can expect from TLS), especially not since we can (and must) make TLS 1.3 resistant to BEAST/CRIME style attacks (we shouldn't make apps change unnecessarily). This is NOT a defense of the web security model, BTW, please don't mistake it as such. Nico --
- [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Eric Rescorla
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Hanno Böck
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Ralph Holz
- Re: [TLS] Rethink TLS 1.3 Jeffrey Walton
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Florian Weimer
- Re: [TLS] Rethink TLS 1.3 Martin Rex
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Martin Rex
- Re: [TLS] Rethink TLS 1.3 Martin Rex
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Salz, Rich
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Brian Smith
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Daniel Kahn Gillmor
- Re: [TLS] Rethink TLS 1.3 Yoav Nir
- Re: [TLS] Rethink TLS 1.3 Hubert Kario
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Hubert Kario
- Re: [TLS] Rethink TLS 1.3 Bodo Moeller
- Re: [TLS] Rethink TLS 1.3 Joseph Salowey
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Peter Gutmann
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Rethink TLS 1.3 Ilari Liusvaara
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Peter Gutmann
- Re: [TLS] Rethink TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Rethink TLS 1.3 Ryan Sleevi
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Peter Gutmann