Hans Petter,
Before I address your technical points, I would observe that your
tone here isn't ideal for getting people excited about your ideas.
If you think there's something that people don't understand, then
by all means explain it, but telling people that they have a "total lack
of kernel-sid
Dear TLS Working Group,
I am writing to bring to your attention a potential security concern
regarding the exchange of client certificates during the TLS handshake
process. While the use of client certificates for authentication is a useful
security measure, it also presents a risk in terms of
Dear TLS Working Group,
I am writing to propose a new method for enhancing the security of mutual
authentication in TLS. The current TLS protocol requires the exchange of
client and server certificates in cleartext during the initial handshake,
which exposes sensitive client information to pote
On Sun, Mar 26, 2023 at 02:18:58AM +, Yannick LaRue wrote:
> [...] This means that information such as the client's name, email
> address, and other identifying details are transmitted in cleartext,
> potentially allowing for interception and exploitation by malicious
> actors.
This is true f
Hi,
The problem is also incompletely described, right?
It doesn't address stuff like:
https://github.com/F-Stack/f-stack
There, you have userspace networking right off the NIC using DPDK or
equivalent. This is how all big websites work (this one is from Tencent),
because it's easier to drain con
Hi Rob,
Without wading into the other technicals of the discussion at this point, I
just wanted to comment that there is at least one significant exception to
your absolute statement below ( "no one with a serious load..."), and it's
quite possible given the circumstantial information here that th
On Sun, Mar 26, 2023 at 6:06 PM Patrick Kelsey
wrote:
> Absent that one giant slice of internet traffic, I would agree your point
> does broadly apply (and I'm well familiar with user-space networking - for
> example, the core of f-stack project you mentioned was originally
> misappropriated code
Hi,
The hardware offload Hans is referring to is for AES-GCM, and the integrity
protection is the Galois MAC; SHA has nothing to do with it.
As it happens, my ANRP talk at the IRTF open meeting today (13:00) will
explain how TLS offload in Mellanox NICs works, and hopefully it will
clarify what's
As Viktor noted in a separate e-mail, TLS 1.3 already encrypts the client
certificate.
-Ekr
On Sun, Mar 26, 2023 at 4:00 PM Yannick LaRue wrote:
> Dear TLS Working Group,
>
>
>
> I am writing to propose a new method for enhancing the security of mutual
> authentication in TLS. The current TLS p
On Sun, Mar 26, 2023, 5:05 PM Rob Sayre wrote:
> Hi,
>
> The problem is also incompletely described, right?
>
> It doesn't address stuff like:
> https://github.com/F-Stack/f-stack
>
> There, you have userspace networking right off the NIC using DPDK or
> equivalent. This is how all big websites w
On Sun, Mar 26, 2023 at 6:51 PM Watson Ladd wrote:
>
>
> On Sun, Mar 26, 2023, 5:05 PM Rob Sayre wrote:
>
>> Hi,
>>
>> The problem is also incompletely described, right?
>>
>> It doesn't address stuff like:
>> https://github.com/F-Stack/f-stack
>>
>> There, you have userspace networking right of
A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the Transport Layer
Security (TLS) WG of the IETF.
Title : The Transport Layer Security (TLS) Protocol Version 1.3
Author : Eric Rescorla
Filename
I have just posted draft-ietf-tls-rfc8446bis-07
This incorporates the following changes:
- Updated text about differences from RFC 8446.
- Clarify which parts of IANA considerations are new to this document.
- Upgrade the requirement to initiate key update before exceeding
key usage limits to M
To whom it may concern. My name is Chad Harrelson. I am a Senior
Solutions Architect at Red Hat and I am developing a presentation about the
role of TLS in modern software communication methods, and specifically
within RedHat products such as RedHat Enterprise Linux and Openshift
Container Platf
Tue, Feb 14, 2023, 14:31 Christian Huitema:
>
>
> On 2/13/2023 7:57 PM, Viktor Dukhovni wrote:
> > On Tue, Feb 14, 2023 at 04:22:48PM +1300, Marten Seemann wrote:
> >
> >> It hides certain bits of the header, as well as the packet number,
> >> from an on-path observer. This is crucial to prevent middl