and also, I'm only marginally optimistic about first-gen basic implementation correctness of actual 1.3 in the best case. Not a lot of confidence in the Blue Coats of the world with this thing. https://www.theregister.co.uk/2017/02/27/blue_coat_chokes_on_chrome_encryption_update/ …
-
-
Once enterprise builds the systems and gets their revisions into every Blue Coat middlebox, half the engineering work of those abusive governments is done.
-
Yeah, that's what I'm trying to say. And, to be honest, the design & implementation of even an impossible-to-detect mechanism is not hard.
-
how do you get around the CA problem? I'd think a stealth intermediary would get flagged pretty quickly by Mountain View.
-
Like I mentioned earlier in this thread, if you want to share a static key but you need the ECDH key to change every connection, you can do that by making the ECDH key a function of the static key and Server.Random.
-
If we wanted to prevent this kind of thing, then we would have tried to find a way to make the protocol secure by making Server.Random deterministic, and get people to insist on that variant of TLS. (Even now, given the use of ephemeral DH, does Server.Random need to be random?)
-
This is an impossible problem. You’d have to lock down every potentially random byte of the protocol to make this work, and even then you could always use a timestamp or an out-of-band channel.
-
It would be difficult. I think it helps that there are few unencrypted extensions in TLS 1.3 and almost all data is encrypted/authenticated. On the other hand, the record header is authenticated but not (required to be) verified to be in range so it allows a covert channel.
-
(FWIW I argued against the record header covert channel on the TLS WG mailing list but people disagreed.) I agree that such a design would be tricky and would require a lot of effort (not just a couple of tweets) and kind of too late since TLS 1.3 shipped. Not sure *impossible*.