[TLS] Re: [EXTERNAL] Re: DTLS 1.3 bis

2024-11-17 Thread Stephen Farrell
Hiya, Given David's presentation and subsequent list discussion, it seems extraordinarily clear that a bis document is needed here;-) On 17/11/2024 12:54, David Benjamin wrote: A thought: This is now a protocol change, but what if we defined a "oops" extension that simply adds a dummy post-Fin

[TLS] Re: [EXTERNAL] Re: DTLS 1.3 bis

2024-11-17 Thread Ilari Liusvaara
On Wed, Nov 13, 2024 at 01:39:43PM -0500, David Benjamin wrote: > > Not to say that every implementor would have noticed every issue (I'm sure > I overlooked some issues too), but I think DTLS's biggest challenge has > always been the relatively little attention it receives compared to TLS. - Whe

[TLS] Re: TLS 1.3, Raw Public Keys, and Misbinding Attacks

2024-11-17 Thread Achim Kraus
Hi Mohit, > Coming back to this. I'd disagree with the assertion that when using the > raw public key mode, the public key is the identity. We don't open a > connection to a key - we open a connection to a domain name or to an IP > address unless of course we are a HIPster and use Host Ident

[TLS] Re: TLS 1.3, Raw Public Keys, and Misbinding Attacks

2024-11-17 Thread Viktor Dukhovni
On Mon, Nov 18, 2024 at 08:25:12AM +0200, Mohit Sethi wrote: > The model detects misbinding in both cases: i) where the received > public key is verified via DANE, and ii) where the received public key > is verified from a list of pre-configured keys. If the preconfigured key is correctly bound t

[TLS] Re: [EXTERNAL] Re: DTLS 1.3 bis

2024-11-17 Thread Ilari Liusvaara
On Sun, Nov 17, 2024 at 07:54:17AM -0500, David Benjamin wrote: > On Sat, Nov 16, 2024 at 10:40 AM Ilari Liusvaara > wrote: > > > On Wed, Nov 13, 2024 at 01:39:43PM -0500, David Benjamin wrote: > > A thought: This is now a protocol change, but what if we defined a "oops" > extension that simply

[TLS] Re: [EXTERNAL] Re: DTLS 1.3 bis

2024-11-17 Thread David Benjamin
On Sun, Nov 17, 2024 at 12:05 PM Ilari Liusvaara wrote: > On Sun, Nov 17, 2024 at 07:54:17AM -0500, David Benjamin wrote: > > On Sat, Nov 16, 2024 at 10:40 AM Ilari Liusvaara < > ilariliusva...@welho.com> > > wrote: > > > > > On Wed, Nov 13, 2024 at 01:39:43PM -0500, David Benjamin wrote: > > > >

[TLS] Re: [EXTERNAL] Re: DTLS 1.3 bis

2024-11-17 Thread David Benjamin
On Sat, Nov 16, 2024 at 10:40 AM Ilari Liusvaara wrote: > On Wed, Nov 13, 2024 at 01:39:43PM -0500, David Benjamin wrote: > > > > Not to say that every implementor would have noticed every issue (I'm > sure > > I overlooked some issues too), but I think DTLS's biggest challenge has > > always bee