Hi Mike, TLS 1.3 represents the best intentions of a huge number of contributors. Compared to earlier versions of TLS, 1.3 received much more scrutiny, from academics and industry folks alike. It's much more secure than earlier versions of the protocol as a result of this process. For more on this, I'd invite you to listen to Thyla van der Merwe's talk at Real World Crypto 2018: https://www.youtube.com/watch?v=t4caEr9hh98. The process isn't perfect ... there may be bugs that lurk in TLS today, and bugs are likely to arise as the protocol evolves. But the process hasn't been "hijacked".
Would you care to elaborate on your concerns around tracking of users? Best, Chris P. On Sat, Sep 12, 2020 at 2:05 PM Kathleen Moriarty < kathleen.moriarty.i...@gmail.com> wrote: > Hi Mike, > > This is a pretty big topic that’s been explored quite a bit. The long > term impact of these changes could be very positive. I just published a > book on the topic of embracing E2E among other topics after exploring the > impact on operators in RFC8404. In other words, both directions were > explored to reach a possible way forward with increased security and how to > get the control/visibility in order to embrace these changes. > > I’m happy to talk more, but fear the length of a thread on this list and > may not keep up with it given my current workload. > > Best regards, > Kathleen > > Sent from my mobile device > > > On Sep 12, 2020, at 11:07 AM, Michael D'Errico <mike-l...@pobox.com> > wrote: > > > > Hi, > > > > I get a weird feeling that the internet is being hijacked and soon it > will be impossible to reverse course. I have not followed the development > of TLS 1.3 but it seems very different from TLS 1.2. Also TLS 1.2 is very > different from TLS 1.0/1.1 (which are being deprecated). QUIC looked good > at a glance, but it seems to rely on TLS to share key material, and also > I'm more than a bit concerned about its capability to track users. > > > > Then there's Zoom video conferencing, where everybody working from home > or in virtual school has an audio and video feed streaming to their > servers. Github is owned by Microsoft with some dire consequences. Lots > of large companies trying to be everything to everyone, and it turns out > they're cruel. > > > > Anyone? > > > > Mike > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
