I see, thank you, it seems that there is a lot of archeological work to be 
done. 

Ok, at least I can organize my work as perhaps a good first step homework 
before being in a position to comment further.


> On 5 Oct 2017, at 11:12, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> 
> 
> 
> On 05/10/17 09:54, Arnaud Taddei wrote:
>> Being new to this community, can I actually ask for the analysis of
>> the ‘hundreds of applications’ which led to the evolution of TLS
>> 1.3 the way it is today? Was it captured somewhere or shall I
>> reconstruct this history from all the discussions in the mailing
>> lists?
> 
> It's more the latter. But, and it's a big but, tls1.3
> is almost entirely (0rtt aside) aiming to provide the
> same services as earlier versions, just to do it better,
> so the need for that kind of broad survey of uses of
> tls is far less. WRT 0rtt, people did, and are doing,
> a bunch of work to figure out when it's (un)safe to
> use that.
> 
> When it comes to breaking tls (as in this proposal),
> since that'd change the security model (from an
> essentially two party security protocol to an N-party
> model), a lot more work would need to be done, and
> has never been done, by any of the people proposing
> to break tls, at least afaik.
> 
> S.
> 
> 
>> 
>> Thank you in advance
>> 
>>> On 3 Oct 2017, at 00:48, Stephen Farrell <stephen.farr...@cs.tcd.ie>
>>> wrote:
>>> 
>>> 
>>> Russ,
>>> 
>>> On 02/10/17 22:43, Russ Housley wrote:
>>>>> For starters, though, I'd be interested in answers from the
>>>>> authors to two quick questions, though I suspect I can guess
>>>>> 'em:
>>>>> 
>>>>> 1. TLS1.3 has had significant formal analysis. Did the authors
>>>>> or other proponents here do any such work and if so can you
>>>>> send a pointer to your results? If not, then I believe the onus
>>>>> is on the folks who want to break TLS to do that work
>>>>> themselves if they want to make a serious proposal and it is
>>>>> not ok IMO to try put that work onto the community who have
>>>>> been working hard for years to make TLS stronger.
>>>> 
>>>> I would be willing to work with the people that did the formal 
>>>> analysis to show the impact of including the extension, and
>>>> making changes to the extension that are indicated by that
>>>> analysis.
>>>> 
>>> 
>>> IMO, that's not a good answer. When improving the security 
>>> properties of the protocol it may suffice. When weakening the
>>> protocol, I strongly believe the onus is on you to have done that
>>> work ahead of time, so that the damage you are proposing the
>>> Internet suffers is clear and known and not discovered years
>>> later.
>>> 
>>>>> 2. Which of the hundreds of applications making use of TLS did
>>>>> you analyse before proposing this? If only a handful, then same
>>>>> comment wrt where the onus ought lie.
>>>> 
>>>> Just like TLS 1.3 has been implemented and tested with many 
>>>> applications during its development, I would expect the same to 
>>>> happen in those environments where there is interest in making
>>>> use of this extension.
>>> 
>>> The TLS WG has spent an awful lot of effort on (I think) every
>>> single semantic difference between TLS1.2 and TLS1.3. (0rtt for
>>> example.) You are now asking that everyone else do work to figure
>>> out how your proposal damages their uses of TLS so that this
>>> supposed use case is dealt with. I think you and other proponents
>>> of breaking TLS need to spend that effort yourselves. (This is
>>> because as you know there is no way to limit the damage of your
>>> proposal to only the use-cases that are the claimed targets for
>>> this bad idea.)
>>> 
>>> So yes, those answers are as I expected and are just as 
>>> unsurprisingly, utterly unsatisfactory.
>>> 
>>> S.
>>> 
>>>> 
>>>> Russ
>>>> 
>>>> 
>>> 
>>> _______________________________________________ TLS mailing list 
>>> TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
>> 
>> 
> 
