- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 15 Aug 2014 12:54:19 +0000
- To: "Martin Nilsson" <nilsson@opera.com>
- cc: ietf-http-wg@w3.org
-------- In message <op.xkmwanaliw9drz@riaa>, "Martin Nilsson" writes: >On Fri, 15 Aug 2014 13:25:36 +0200, Mark Nottingham <mnot@mnot.net> wrote: >What you can do in an MITM scenario isn't really relevant to PM. It's >still harder to MITM weak TLS than clear text. You don't need to MITM clear text, you just read it. The big step in cost is going from tcpdump to MITM. >I think it is more worrisome having the weak ciphers in there at all, as >it opens up for bad configurations and downgrade attacks of https >connections. This is a valid concern, and a good reason why one might consider something more tailored to whitening and quite distinct from TLS. Designing or even proposing that is way over my pay-grade. The bar is pretty low though. If we can increase the cost of inspecting (ie: brute-forcing) a non-privacy HTTP connection to something above 25msec CPU time, we have made PM uneconomical. >250msec and we have eliminated it. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 15 August 2014 12:54:42 UTC