Re: [TLS] Resumption and Forward Secrecy, 0-RTT and Safety

Bill Frantz <frantz@pwpconsult.com> Mon, 28 March 2016 21:04 UTC

Date: Mon, 28 Mar 2016 14:04:20 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: Colm MacCárthaigh <colm@allcosts.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/szsJxKuHp5M2iPN51nPwM2E-q5s>
Cc: tls@ietf.org

On 3/28/16 at 11:55 AM, colm@allcosts.net (Colm MacCárthaigh) wrote:

>surely there are very sensitive things in urls,

A number of URLs include an authorization token which authorizes 
access to a resource. This token is frequently a long 
"unguessable" number. It must be kept secret. I think DropBox 
URLs are one example.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | The first thing you need when  | Periwinkle
(408)356-8506      | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter.                     | Los Gatos, CA 95032
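
The kind of URL described in the message above, as an added example that is not part of the original post: a link whose only credential is a long random token, with the server keeping just a hash of it and scrubbing it before logging. The host name, the `t` parameter, and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hypothetical values: BASE, the "t" parameter name, and the dict-backed store.
BASE = "https://files.example.test/s"
_grants = {}  # sha256(token) hex digest -> resource id; raw tokens are never stored


def mint_share_url(resource_id: str) -> str:
    """Create a capability URL whose token is 256 bits from the OS CSPRNG."""
    token = secrets.token_urlsafe(32)  # 43 URL-safe characters
    _grants[hashlib.sha256(token.encode()).hexdigest()] = resource_id
    return f"{BASE}/{resource_id}?{urlencode({'t': token})}"


def authorize(url: str):
    """Return the resource id this URL grants, or None if the token is wrong."""
    parts = urlsplit(url)
    token = dict(parse_qsl(parts.query)).get("t", "")
    requested = parts.path.rsplit("/", 1)[-1]
    # Look up by digest so a leaked store does not reveal usable tokens.
    granted = _grants.get(hashlib.sha256(token.encode()).hexdigest())
    # A valid token only opens the resource it was minted for.
    return granted if granted == requested else None


def redact_for_log(url: str) -> str:
    """Replace the token value so access logs do not hold a live credential."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "t" else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    url = mint_share_url("report-42")  # constructed sample resource id
    print(redact_for_log(url), "->", authorize(url))
```

Because the token is the whole authorization, anything that records or replays the request line holds the credential for as long as the grant lives.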