On Sat, Jan 13, 2018 at 12:02 AM, Hanno Böck wrote:
>
> The question I want to ask: What can we do *now* to stop this from
> happening when TLS 1.4 will be deployed? I have the feeling GREASE
> won't be enough...
Sidebar: TLS 4 ;)
--
Tony Arcieri
___
Ship it
--
Tony Arcieri
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Back during the previous last call, I felt really guilty about bringing up
the 0-RTT stuff so late. Even though it turned out that middle boxes turned
out to be a bigger problem to deal with anyway, I just want to say that I'm
really grateful for the 0-RTT related changes in the document and for th
Hi Colm,
Thanks for your note. This seems straightforward to handle before IETF-LC.
Maybe something like:
"Note: many application layer protocols implicitly assume that replays are
handled at lower levels. Tailure to observe these precautions may exposes
your application to serious risks which ar
The research that this is built on isn't especially new:
https://arxiv.org/abs/1607.01639
The interesting observation in that paper is that the results are
obtained only from the subset of malware that uses its own TLS
configuration. Those that used the Windows stack in a default
configuration we
Thanks for the abundant generosity of patience, but I didn't mean that I
wanted to add a note to the text of the I-D, there's been enough delay and
I'm excited to see this progress. I just meant "add a note" in my e-mail
;-) Though I do like your terse note, it's right to the point.
On Sun, Jan 14
