On Mon, Jan 11, 2016 at 12:12:47AM -0800, Watson Ladd wrote: > On Mon, Jan 11, 2016 at 12:03 AM, Ilari Liusvaara > > > > I don't think this is signficant. If you want protection from THS that > > actually works, you require EMS anyway (or ensure THS is of no > > consequence at application layer), not try to do TLS configuration > > "workarounds" (that don't actually work). > > Are you saying that a Suite B only deployment of TLS which does point > validation is THS vulnerable?
If both ends are Suite B only, highly unlikely... However, things get more exciting (as in "exciting crypto") if one end is and the other isn't... (Suite B isn't special here, there are other possible profiles with similar properties). -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
