Re: [TLS] Rethink TLS 1.3

Nico Williams <nico@cryptonector.com> Mon, 24 November 2014 17:03 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1436E1A872E for <tls@ietfa.amsl.com>; Mon, 24 Nov 2014 09:03:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.333
X-Spam-Level:
X-Spam-Status: No, score=0.333 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fRQfvb3y6o-6 for <tls@ietfa.amsl.com>; Mon, 24 Nov 2014 09:03:00 -0800 (PST)
Received: from homiemail-a64.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 724071A8721 for <tls@ietf.org>; Mon, 24 Nov 2014 09:03:00 -0800 (PST)
Received: from homiemail-a64.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a64.g.dreamhost.com (Postfix) with ESMTP id 49F96438072; Mon, 24 Nov 2014 09:03:00 -0800 (PST)
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a64.g.dreamhost.com (Postfix) with ESMTPA id DF546438079; Mon, 24 Nov 2014 09:02:59 -0800 (PST)
Date: Mon, 24 Nov 2014 11:02:59 -0600
From: Nico Williams <nico@cryptonector.com>
To: Martin Rex <mrex@sap.com>
Message-ID: <20141124170257.GJ3200@localhost>
References: <20141124105948.GH3200@localhost> <20141124165601.0E7A71B004@ld9781.wdf.sap.corp>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20141124165601.0E7A71B004@ld9781.wdf.sap.corp>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/jVGtU6TgESJ2FYopYb7K-mLhuj4
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Rethink TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Nov 2014 17:03:01 -0000

On Mon, Nov 24, 2014 at 05:56:01PM +0100, Martin Rex wrote:
> Nope.  BEAST, CRIME and Poodle are pretty boring demonstrations of the
> ridiculous insecurity of WebBrowsers in their default configuration.

Yes, they were that too.  And by then we knew well about adaptive
plaintext attacks.  Still, they also were demonstrations that the
network has to be assumed to be under control of the adversary, and IMO
they were dramatic at that.  If anyone still doubted the adversary's
control of the network before BEAST, no one does now.

Nico
--