Hi,

My impression from watching Tuesday's session is that this probably
can't end up as a Working Group document, but nevertheless people
seem to keep looking at it and so it's worth fixing errors.

Eric Rescorla touched on this, I think, briefly, but I want to be more
forthright:

Section 2.2.1 of the draft-camwinget-tls-use-cases-05 document says:

   In TLS 1.2, the ClientHello, ServerHello and Certificate messages are
   all sent in clear-text, however in TLS 1.3, the Certificate message
   is encrypted thereby hiding the server identity from any
   intermediary.

But the contents of Certificate are merely public data; an adversary
can arrange for a server under their control to present any
certificate of their choosing, thereby in fact hiding the server
identity from any intermediary under prior versions of TLS too.


If this document is to continue in any form, even as an individual
submission, it should be updated to either erase 2.2.1 altogether and
any "use cases" that rely on it, or make clear that this technique
couldn't actually work in TLS anyway and is mentioned only because
some products erroneously rely on it.

Nick.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
