Re: [TLS] Another [Well-deserved] attack on TLS CCA
Nico Williams <nico@cryptonector.com> Tue, 18 June 2013 20:36 UTC
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: "tls@ietf.org" <tls@ietf.org>

BrowserID uses its certificates at the application-layer, not in TLS. I think that's the correct approach.

(That still leaves the use of TLS server certs for authenticating servers; that's not going to go away. Ideally mechanisms like BrowserID can do channel binding so that the dependence on the TLS server PKI can be mitigated / eventually removed.)

Nico
--