On 3 May 2017 at 22:45, Colm MacCárthaigh <c...@allcosts.net> wrote: > This is easy to say; the TLS layer is the right place. It is not practical > for applications to defend themselves, especially from timing attacks.
If you care about these attacks as much as it appears, then you can't reasonably take this position. We've historically done a lot to secure applications at a single point, and we're almost at the end of what we can reasonably do for them at this layer. We need to think more hollistically and acknowledge that applications need to take some responsibility for their own security. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
