On 07/07/16 12:52, Nikos Mavrogiannopoulos wrote:
> On Thu, 2016-07-07 at 10:37 +0100, Stephen Farrell wrote:
>> Hiya,
>>
>> Just on this one thing...
>>
>> On 07/07/16 09:13, Nikos Mavrogiannopoulos wrote:
>>>
>>> does not make the situation any worse than we have today.
>>
>> I don't accept that is the correct goal. That form of argument is what led to us standardising the HTTP Forwarded header field, which IMO was a disimprovement. (An argument I lost in the end in that case [1], but 'twas close, and back in 2012 so might go the other way today;-)
>>
>> I would argue that the correct goal is to make things better whenever possible, with that being especially important for protocols like (D)TLS on which many other things depend.
>>
>> I do agree that any scheme developed would need to meet the state management requirements of servers. I'm not convinced those requirements call for a new super-cookie though:-)
>
> I understand your point, I'm not fully convinced by that argumentation. I may be wrong of course, but I'll try to explain my point. Indeed putting privacy first should be a goal of TLS/DTLS, but to the extent it covers the protocol goals. What you propose is to make a stream anonymous, untrackable.
Totally wrong, sorry. What I propose is not adding new ways to allow a network observer to track a TLS client using the same TLS session over multiple transport layer connections, unless that is really unavoidable. Exaggerating my argument is not useful. Nor is it at all convincing.

S.

> However, that (anonymity or untrackability of the stream) was never a stated goal of TLS/DTLS. In fact TLS is by definition trackable over TCP and one can see in the clear the IPs of the two peers communicating. That doesn't change by switching to DTLS, except for unfortunate situations of routers losing state and client roaming, which current servers cannot easily cope with, and that's the problem I attempt to address.
>
> I think the principle of doing one simple thing and doing it well applies to protocols as well. TLS and DTLS provide a layer of confidentiality and authenticity. Anonymity, untrackability can be provided by other protocols focused on that such as TOR.
>
> regards,
> Nikos
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls