This question is based on your belief that this protocol will
"escape" onto the public Internet, that browsers and other clients used
by individuals will feel forced to implement it, and that clients will
then be forced to enable the extension in order to get through
middleboxes that would filter traffic based on whether or not the
extension is present in the ClientHello. I've already explained why I
believe that scenario will never happen, and so, no, I do not agree that
it is a "fundamental change."
The idea of a client extension was added based on feedback at the Prague
meeting in order to help prevent the protocol from being used over the
public Internet, by preventing the protocol from being used without the
client's knowledge. Obviously you believe that the method being proposed
to address one concern introduces another concern. I do not share those
concerns for the reasons that I've already stated.
I don't plan to comment on this issue any further, and doing so would
just be repeating myself, thus just adding to the noise.
On 10/25/2017 10:28 AM, Salz, Rich wrote:
> > Similarly, the best that TLS can offer in terms of privacy is that the
> > contents of the communication between the two endpoints is not seen by
> > anyone else *unless* at least one of the two endpoints (client or
> > server) chooses to provide the contents of the communication to some
> > other entity. draft-rhrd-tls-tls13-visibility doesn't change that.
>
> Yes it does. It signals on the wire to any observer that the client and
> server agree to this. TLS never attempted to control what the client or
> server could do. But it never put any such signal on the wire. This is an
> important and fundamental change, and it allows traffic to be categorized
> and handled differently.
>
> Do you agree with that?
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls