Hi, I agree with Bill. Keeping confidentiality in all TLS/1.3 connections is future proofing. Supposedly analyzing and then leaving confidentiality out invites future attacks.
Cheers, - Ira

On Thu, Feb 11, 2021 at 9:56 AM Bill Frantz <fra...@pwpconsult.com> wrote:
> On 2/11/21 at 9:01 PM, rsalz=40akamai....@dmarc.ietf.org (Salz, Rich) wrote:
>
>>> I would just like to recognize that there are some situations where it isn't needed.
>>
>> Can you explain why TLS 1.2 isn't good enough for your needs?
>
> In my experience, there are many attacks that aren't anticipated by the designers, but are successful. How can anyone know that you don't need privacy?
>
> Back in the dark ages, I was working with a protocol which provided the same basic assurances as TLS does: confidentiality, authentication, and integrity. It and TLS also provide some other important assurances, such as one-time, in-order delivery, which we also depended on. When we looked at a similar protocol which didn't provide confidentiality, we discovered that there was application level data that needed to be kept secret or the application's assurances would be violated.
>
> In all honesty, it's probably cheaper to just provide confidentiality than it is to do the analysis and protocol proofs to show you don't need it.
>
> Cheers - Bill
>
> --------------------------------------------------------------
> Bill Frantz | There are now so many exceptions to the
> 408-348-7900 | Fourth Amendment that it operates only by
> www.pwpconsult.com | accident. - William Hugh Murray
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls