W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: New Version Notification for draft-snell-httpbis-keynego-01.txt

From: Roberto Peon <grmocg@gmail.com>
Date: Tue, 19 Nov 2013 17:33:18 -0800
Message-ID: <CAP+FsNdj-Ng02OA8CKT11fiVBp-zYwdYH9v+-ZZ+eCLMyX3w8g@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Mark Nottingham <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
More of a nightmare than a challenge, but such is UI, and I thank my lucky
stars to not have to deal with it right now!

Being able to run a handshake in parallel with whatever else can only
happen when one doesn't need or want the integrity handshake, which is
necessary for detecting a malicious filtering MITM (and yes one can never
*prevent* such, but detection is quite important).

On Tue, Nov 19, 2013 at 5:23 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote:

> In message <
> CAP+FsNcNtdo9amaboDDDWbMGz47DgCed6q-BS_zLB275Y_MN4w@mail.gmail.com>
> , Roberto Peon writes:
> >Exposing the framing/length of things that would be in an
> >encrypted-by-TLS bytestream today, however, does worry me--
> >it makes BEAST/CRIME-like attacks significantly more difficult
> >to protect against.
> Absolutely.
> And there is no doubt either that there is an UI challenge in
> communicating the security situation, if the various elements you
> see are protected to different levels and degrees.
> But there are also many benefits, for instance being able to
> run the crypto-handshake in parallel with delivery of the first
> unprotected page elements, rather than stall everything until TLS
> has gotten its bits sorted out.
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 20 November 2013 01:33:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:20 UTC