Daniel Kahn Gillmor <d...@fifthhorseman.net> writes:

>the way i was going to write it that guidance was pretty dumb (i was thinking
>of just a hashtable combined with a fixed-size ring buffer to be
>constant-space and roughly constant-time, and hadn't even considered bloom
>filters), so i welcome suggested text.

Aren't you going to get into an adversarial machine learning problem where
your recogniser has to be smarter than the other side's DH-reuse code? In
other words if the server just reuses the same DHE public value again and
again you can detect it, but if they generate slightly different values from a
fixed seed or start point you're not going to be able to detect it unless you
know what they're doing. Not to mention a NOBUS DHE public value if they
really want to be crafty.

In other words if someone wants to middlebox TLS, they're going to do it no
matter how much people may dislike it.

Peter.
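
The constant-space detector mentioned in the quoted text (a hash table paired with a fixed-size ring buffer), as an added example that is not part of the original thread. The class, method and parameter names and the sample values are assumptions; the detector matches only exact repeats inside the window, which is the limit the reply points out.

```python
import hashlib
from collections import Counter


class DHReuseDetector:
    """Hypothetical client-side check for repeated server DHE public values.

    A fixed-size ring buffer keeps digests in arrival order and a hash table
    (Counter) gives O(1) average lookups, so memory stays bounded by `window`.
    """

    def __init__(self, window=1024):
        if window < 1:
            raise ValueError("window must be >= 1")
        self.ring = [None] * window  # digests, oldest overwritten first
        self.pos = 0                 # next slot to overwrite
        self.seen = Counter()        # digest -> count currently in the ring

    def observe(self, server_id: bytes, public_value: bytes) -> bool:
        """Record one value; return True if this server already sent the
        identical value within the last `window` observations."""
        h = hashlib.sha256()
        # Length-prefix the server id so (id, value) pairs cannot collide.
        h.update(len(server_id).to_bytes(2, "big") + server_id)
        h.update(public_value)
        digest = h.digest()
        reused = self.seen[digest] > 0  # Counter lookup does not insert
        old = self.ring[self.pos]
        if old is not None:             # evict the oldest entry
            self.seen[old] -= 1
            if self.seen[old] == 0:
                del self.seen[old]
        self.ring[self.pos] = digest
        self.seen[digest] += 1
        self.pos = (self.pos + 1) % len(self.ring)
        return reused


def demo():
    det = DHReuseDetector(window=4)
    server = b"server.example"  # constructed sample identifier
    fixed = b"\xab" * 32        # constructed sample public value
    repeats = [det.observe(server, fixed) for _ in range(3)]
    # Values that differ at all are never flagged: the check is equality only.
    distinct = [det.observe(server, bytes([i]) * 32) for i in range(3)]
    return repeats, distinct
```
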