On 11/18/14, 5:06 PM, Jason Greene wrote: >> On Nov 17, 2014, at 11:52 PM, Martin Thomson <martin.thomson@gmail.com> wrote: >> >> >> On Nov 17, 2014 8:14 AM, "Jason Greene" <jason.greene@redhat.com> wrote: >>> Even better would be to support anonymous ECDH. Why bother requiring all of these fake certs to be generated when they have no legit purpose. >> That at least is an easy one to answer. If your handshake looks different (and any anonymous mode will, unless you use TLS 1.3 and some aggressive padding), then you open an invitation to MitM. Have them look identical, and it gets harder to mount an undetectable attack. Not to mention avoiding code complexity. > Thats pretty small advantage. Self signed certs are easily detected and decoded by anyone in a position to MITM. Yes. In fact, someone who works at a pretty large vendor stood up at the Zürich interim meeting and said that his product was doing just this. > > Anyway I thought the point was to replace plain text communication where possible, and that requires addressing the non-authenticated case, which this IAB statement even refrerences. > Yes. If anything, this group has led in efforts to use as much encryption as possible. The big question before you is really whether you agree with the concerns that PHB and Will Chen have separately raised, about whether anonymous encryption would cause people to not deploy The Real Thing. My crystal ball tells me that this is less of a concern than any interoperability problems we might see due to poor crypto algorithm agility. That is something that we as a community need to work on (and not just the browser folk). Eliot
Received on Tuesday, 18 November 2014 16:22:08 UTC