Re: New Version Notification for draft-snell-httpbis-keynego-01.txt

More of a nightmare than a challenge, but such is UI, and I thank my lucky
stars to not have to deal with it right now!

Being able to run a handshake in parallel with whatever else can only
happen when one doesn't need or want the integrity handshake, which is
necessary for detecting a malicious filtering MITM (and yes one can never
*prevent* such, but detection is quite important).

On Tue, Nov 19, 2013 at 5:23 PM, Poul-Henning Kamp <>wrote:

> In message <
> , Roberto Peon writes:
> >Exposing the framing/length of things that would be in an
> >encrypted-by-TLS bytestream today, however, does worry me--
> >it makes BEAST/CRIME-like attacks significantly more difficult
> >to protect against.
> Absolutely.
> And there is no doubt either that there is an UI challenge in
> communicating the security situation, if the various elements you
> see are protected to different levels and degrees.
> But there are also many benefits, for instance being able to
> run the crypto-handshake in parallel with delivery of the first
> unprotected page elements, rather than stall everything until TLS
> has gotten its bits sorted out.
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

Received on Wednesday, 20 November 2013 01:33:47 UTC