On Thu, Aug 27, 2015 at 1:37 AM, Viktor S. Wold Eide <viktor.s.wold.e...@gmail.com> wrote:

> On Mon, Aug 24, 2015 at 11:17 PM, Eric Rescorla <e...@rtfm.com> wrote:
>
>> On Mon, Aug 24, 2015 at 1:56 PM, Viktor S. Wold Eide <viktor.s.wold.e...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I am looking for a way to achieve identity hiding for DTLS 1.2, which
>>> also hopefully can be used in (D)TLS 1.3, when available.
>>>
>>> From what I understand, for (D)TLS 1.2 it would be possible to perform
>>> an anonymous unencrypted handshake and then to renegotiate the connection
>>> with authentication within the encrypted channel, e.g., according to the
>>> expired draft [1]. From the latest TLS 1.3 draft [2] it appears that
>>> renegotiation will be removed in the upcoming 1.3 version.
>>>
>>> What is likely to be the recommended way to achieve identity hiding for
>>> (D)TLS 1.3, if any?
>>>
>>> [1] Transport Layer Security (TLS) Encrypted Handshake Extension,
>>> draft-ray-tls-encrypted-handshake-00, expired in 2012
>>> [2] The Transport Layer Security (TLS) Protocol Version 1.3,
>>> draft-ietf-tls-tls13-07
>>>
>> TLS 1.3 encrypts both the client's and server's certificates already.
>> The server's certificate is secure only against passive attack. The
>> client's is encrypted with a key that the client can authenticate as
>> belonging to the server.
>>
> Thanks a lot for the clarification.
>
> Would it be reasonable to include your answer or something similar into
> the TLS 1.3 draft, for example in the "Major Differences from TLS 1.2"
> section?

Sure. It's mostly a changelog now, but I'll try to add something.

-Ekr

> Best regards
> Viktor S. Wold Eide
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls