On Tuesday, 24 October 2017 00:40:44 CEST Colm MacCárthaigh wrote: > On Mon, Oct 23, 2017 at 3:30 PM, Benjamin Kaduk <bka...@akamai.com> wrote: > > There are no doubt folks here would claim that the writing has been on > > the wall for> > > five years or more that static RSA was out and forward secrecy was on > > the way in, and that now is the right time to draw the line and drop the > > backwards compatibility. In fact, there is already presumed WG > > consensus for that position, so a strong argument indeed would be needed > > to shift the boundary from now. I won't say that no such argument can > > exist, but I don't think we've seen it yet. > > I don't have too strong an interest in this thread, it's not going > anywhere, and I don't mind that. But I do want to chime in and point > out that forward secrecy is not completely on the way in. With STEK > based 0-RTT, it sounds like many implementors are happy to see user's > requests, cookies, passwords and other secret tokens protected only by > symmetric keys that are widely shared across many machines and > geographic boundaries, with no defined key schedule, usage > requirements or forward secrecy. Clearly, the consensus has been > willing to accept that trade-off, and there is definite wiggle room.
which part of the HTTP 0-RTT usage policy does say that that is acceptable? -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
