Re: [TLS] TLS weakness in Forward Secrecy compared to QUIC Crypto

2016-04-11 Thread Viktor Dukhovni
> On Apr 11, 2016, at 9:05 AM, Martin Rex wrote:
>
> The TTL of a DNS record is *NOT* protected by DNSSEC, and can be
> regenerated at will by an attacker, will be regenerated by intermediate
> DNS server and its purpose is purely cache-management, *NOT* security.
>
> Only the "Signature Expira

Re: [TLS] TLS weakness in Forward Secrecy compared to QUIC Crypto

2016-04-11 Thread Salz, Rich
> > Can you compare the TTL of the ephemeral key record with the A/
> > record TTL? Are they related? If someone can get phony records into
> > DNS, can they then become the real MLT server? For how long?
> >
> Admittedly I don't know anything about MLT, but your question indicates
> what

Re: [TLS] TLS weakness in Forward Secrecy compared to QUIC Crypto

2016-04-11 Thread Martin Rex
Salz, Rich wrote:
>> In MinimaLT, the current ephemeral key for the server is added to
>> the DNS record fetched during the DNS lookup. These entries expire fairly
>> quickly, ensuring that old keys are never used.
>
> Can you compare the TTL of the ephemeral key record with the
> A/ rec

Re: [TLS] TLS weakness in Forward Secrecy compared to QUIC Crypto

2016-04-11 Thread Salz, Rich
> In MinimaLT, the current ephemeral key for the server is added to
> the DNS record fetched during the DNS lookup. These entries expire fairly
> quickly, ensuring that old keys are never used.
Can you compare the TTL of the ephemeral key record with the A/ record TTL? Are they relate

Re: [TLS] TLS weakness in Forward Secrecy compared to QUIC Crypto

2016-04-08 Thread Eric Rescorla
On Fri, Apr 8, 2016 at 6:42 PM, Wan-Teh Chang wrote:
> On Fri, Apr 8, 2016 at 2:31 PM, Eric Rescorla wrote:
> >
> > ... TLS 1.3 supports two PSK-resumption modes:
> >
> > 1. Pure PSK, which has somewhat better security properties than in TLS
> 1.2
> > 2. PSK-ECDHE, which has similar security pro

Re: [TLS] TLS weakness in Forward Secrecy compared to QUIC Crypto

2016-04-08 Thread Colm MacCárthaigh
On Fri, Apr 8, 2016 at 1:50 PM, Jim Roskind wrote:
> If a symmetric-session-ticket-decryption-key was compromised by a server,
> as a result of a break-in, or a subpoena, then all traffic that depended on
> the session resumption tickets would be at risk. Moreover, a third party
> attacker that

Re: [TLS] TLS weakness in Forward Secrecy compared to QUIC Crypto

2016-04-08 Thread Eric Rescorla
On Fri, Apr 8, 2016 at 6:13 PM, Bill Cox wrote:
> On Fri, Apr 8, 2016 at 1:50 PM, Jim Roskind wrote:
>
>> The combination of DHE and TLS 1.3 session resumption via session
>> tickets, can destroy the forward secrecy property that DHE was intended to
>> provide. With the proposed removal of DHE-