Looks like this didn't make it out to the list. Forwarding
from my email address a message by Jon Solworth.
----- Forwarded message from "Jon A. Solworth" <solwo...@rites.uic.edu> -----
Date: Fri, 8 Apr 2016 17:33:57 -0500
From: "Jon A. Solworth" <solwo...@rites.uic.edu>
To: tls@ietf.org, Tanja Lange <ta...@hyperelliptic.org>, "D. J. Bernstein"
<d...@cr.yp.to>, "W. Michael Petullo" <m...@flyn.org>
Subject: TLS weakness in Forward Secrecy compared to QUIC Crypto
It is not necessary to choose between either forward secrecy
or low latency. It is possible to achieve both (and many other
properties) as does MinimaLT.
In MinimaLT, the current ephemeral key for the server
is added to the DNS record fetched during the DNS lookup. These entries
expire fairly quickly, ensuring that old keys are never
used.
The DNS lookup is necessary for other reasons, so there
is no additional latency.
This design avoids weak mechanisms and added complexity,
two issues that cause enormous problems in security software.
Jon Solworth
----- End forwarded message -----
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
