On Mon, Aug 24, 2015 at 11:17 PM, Eric Rescorla <e...@rtfm.com> wrote:
> On Mon, Aug 24, 2015 at 1:56 PM, Viktor S. Wold Eide <viktor.s.wold.e...@gmail.com> wrote:
>> Hi,
>>
>> I am looking for a way to achieve identity hiding for DTLS 1.2, which also hopefully can be used in (D)TLS 1.3, when available.
>>
>> From what I understand, for (D)TLS 1.2 it would be possible to perform an anonymous unencrypted handshake and then to renegotiate the connection with authentication within the encrypted channel, e.g., according to the expired draft [1]. From the latest TLS 1.3 draft [2] it appears that renegotiation will be removed in the upcoming 1.3 version.
>>
>> What is likely to be the recommended way to achieve identity hiding for (D)TLS 1.3, if any?
>>
>> [1] Transport Layer Security (TLS) Encrypted Handshake Extension, draft-ray-tls-encrypted-handshake-00, expired in 2012
>> [2] The Transport Layer Security (TLS) Protocol Version 1.3, draft-ietf-tls-tls13-07
>>
> TLS 1.3 encrypts both the client's and server's certificates already. The server's certificate is secure only against passive attack. The client's is encrypted with a key that the client can authenticate as belonging to the server.
>

Thanks a lot for the clarification. Would it be reasonable to include your answer or something similar into the TLS 1.3 draft, for example in the "Major Differences from TLS 1.2" section?

Best regards
Viktor S. Wold Eide
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
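As an added illustration of the property Eric states in the thread above (this is not code from the thread, from the TLS 1.3 draft, or from any TLS implementation), the following Python model runs a simplified TLS 1.3-style handshake and reports which certificate an attacker on the wire could read. Everything in it is an assumption made for the sake of a runnable model: a 10-bit Diffie-Hellman group (p = 1019, q = 509, g = 4), a toy Schnorr signature standing in for CertificateVerify, a hash-based stand-in for the HKDF key schedule, a toy AEAD, and the function names `handshake`, `seal`, `open_`, `hs_key` and `demo`; the certificate strings are constructed placeholders. None of it offers any security. The point it makes is the one in the reply: an active attacker who completes the ephemeral DH with the server itself can decrypt the server's Certificate, while the client's Certificate stays hidden because the client sends it only after verifying that the handshake key belongs to the real server.

```python
import hashlib
import hmac
import secrets

# Toy group (an assumption for this model): safe prime p = 1019, q = 509, g = 4 has order q. Not TLS, no security.
P, Q, G = 1019, 509, 4

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def i2b(n: int) -> bytes:
    return n.to_bytes(2, "big")  # every group element fits in two bytes

def keygen():
    """Key pair in the toy group: used for ephemeral shares and for the server's long-term key."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x: int, msg: bytes):
    """Toy Schnorr signature standing in for CertificateVerify (a signature over the transcript)."""
    k = secrets.randbelow(Q - 1) + 1
    e = int.from_bytes(H(i2b(pow(G, k, P)), msg), "big")
    return e, (k - x * e) % Q

def verify(y: int, msg: bytes, sig) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(y, e, P) % P  # equals g^k when the signature is genuine
    return int.from_bytes(H(i2b(r), msg), "big") == e

def hs_key(shared: int, transcript: bytes, label: bytes) -> bytes:
    """Stand-in for the HKDF key schedule: a traffic key bound to the DH secret and the transcript."""
    return H(b"toy-hkdf", label, i2b(shared), transcript)

def seal(key: bytes, pt: bytes) -> bytes:
    """Toy AEAD: hash-derived keystream XOR, plus a 16-byte HMAC tag over the ciphertext."""
    ks = b"".join(H(key, b"ks", i2b(i)) for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()[:16]

def open_(key: bytes, sealed: bytes):
    """Plaintext, or None when the key is wrong (tag mismatch)."""
    ct, tag = sealed[:-16], sealed[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()[:16]):
        return None
    ks = b"".join(H(key, b"ks", i2b(i)) for i in range(len(ct) // 32 + 1))
    return bytes(a ^ b for a, b in zip(ct, ks))

def handshake(server_sk, server_pk, server_cert, client_cert, active=False, check_sig=True):
    """Run the simplified handshake; return (outcome, which certificates the attacker could read).

    active=False: the attacker only records the wire.  active=True: it swaps both key shares.
    check_sig=False models a broken client that skips CertificateVerify, for contrast only.
    """
    seen = {"server_cert": False, "client_cert": False}
    a, A = keygen()               # client ephemeral share (ClientHello key_share)
    m, M = keygen()               # attacker's own share, used only when active
    A_srv = M if active else A    # the share the server actually receives
    # Server: keys from its view of the transcript, then Certificate + CertificateVerify, encrypted.
    b, B = keygen()
    srv_tr = i2b(A_srv) + i2b(B)
    srv_shared = pow(A_srv, b, P)
    e, s = sign(server_sk, srv_tr)
    flight = seal(hs_key(srv_shared, srv_tr, b"s"), server_cert + e.to_bytes(32, "big") + i2b(s))

    if active:
        # The attacker completed the DH with the server itself, so the server's Certificate is readable...
        pt = open_(hs_key(pow(B, m, P), srv_tr, b"s"), flight)
        seen["server_cert"] = pt is not None
        # ...and it re-encrypts the flight toward the client under the DH it shares with the client.
        B_cli = M
        flight = seal(hs_key(pow(A, m, P), i2b(A) + i2b(M), b"s"), pt)
    else:
        B_cli = B                 # passive attacker: wire unchanged, and it holds no DH secret

    # Client: keys from its own transcript, decrypt, check CertificateVerify with the trusted server key.
    cli_tr = i2b(A) + i2b(B_cli)
    cli_shared = pow(B_cli, a, P)
    pt = open_(hs_key(cli_shared, cli_tr, b"s"), flight)
    if pt is None:
        return "abort: decrypt failed", seen
    sig = (int.from_bytes(pt[-34:-2], "big"), int.from_bytes(pt[-2:], "big"))
    if check_sig and not verify(server_pk, cli_tr, sig):
        return "abort: bad CertificateVerify", seen   # the client's Certificate is never sent
    # Client Certificate goes out under the client handshake traffic key.
    client_flight = seal(hs_key(cli_shared, cli_tr, b"c"), client_cert)
    if active:
        pt = open_(hs_key(pow(A, m, P), cli_tr, b"c"), client_flight)
        seen["client_cert"] = pt is not None
        client_flight = seal(hs_key(pow(B, m, P), srv_tr, b"c"), pt)   # forwarded on to the server
    ok = open_(hs_key(srv_shared, srv_tr, b"c"), client_flight) == client_cert
    return ("ok" if ok else "abort: server decrypt failed"), seen

def demo():
    sk, pk = keygen()
    certs = (b"CN=server.example (constructed)", b"CN=alice (constructed)")  # placeholder certificates
    return {"passive": handshake(sk, pk, *certs),
            "active": handshake(sk, pk, *certs, active=True),
            "active_no_check": handshake(sk, pk, *certs, active=True, check_sig=False)}

if __name__ == "__main__": print(demo())
```

Running `demo()` gives three outcomes: against a passive observer the handshake completes and neither certificate is readable; against an active share-swapping attacker the server's certificate is readable but the client aborts on CertificateVerify (its transcript differs from the one the server signed) and never sends its own certificate; and only a client that skips that check (`check_sig=False`) leaks its certificate as well, which is exactly why the client-side protection rests on authenticating the key as the server's.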