Probably not, but I agree with MT. The general idea here is that any given protocol trace should only be interpretable in one way. So, either you need the interior protocol to be self-describing or you need to separate the domains with ALPN. I don't believe that either the IP ACL or mTLS addresses this issue, and in fact arguably mTLS makes the problem worse because it provides authenticated protocol traces which might be usable for cross-protocol attacks.
-Ekr On Thu, Apr 29, 2021 at 7:26 AM Salz, Rich <rsalz= 40akamai....@dmarc.ietf.org> wrote: > > No new protocol should use TLS without ALPN. It only opens space for > cross-protocol attacks. Did the working group consider this possibility in > their discussions? > > I don't believe that message has been made as public as it should be. > > _______________________________________________ > dns-privacy mailing list > dns-priv...@ietf.org > https://www.ietf.org/mailman/listinfo/dns-privacy >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
