Re: New Version Notification for draft-thomson-http-encryption-00.txt from Martin Thomson on 2015-05-12 (ietf-http-wg@w3.org from April to June 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 12 May 2015 12:16:11 -0700
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnV_1BkJ9ynOWGX0-LsGaof2De1Q_W2BRRanrNZ3xiJ+Fw@mail.gmail.com>

On 12 May 2015 at 11:21, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> I don't think that is a guarantee you can give, unless you reinvent
> the entire SSL/TLS mess.

It's actually relatively easy to design something, but there is a cost
in fragility and flexibility.

Say you make key derivation dependent on the value of the client's
advertised capabilities.  Then content fails to decrypt (and
authenticate) if an attacker tampers with the advertisement.  It
doesn't work for requests as well (CICE might be forced into service,
but see above regarding fragility).

Received on Tuesday, 12 May 2015 19:16:38 UTC