I wrote a long blog post covering everything you ever wanted to know about Keyless SSL https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/ …
@grittygrease Good work. I am curious as to why the keyserver doesn't get to choose Serverhello.server_random.
@BRIAN_____ This would require another roundtrip in the RSA case. It could be feasible in the DH case, though.
@grittygrease In the RSA case, keyserver can batch send acceptable server_randoms to you, async. Guards against some interesting replays.
@BRIAN_____ What's the threat model for these replay attacks?
@grittygrease 2. Compromised PoP decrypting traffic from other PoPs' conns by replaying client_random and server_random from those conns.
@BRIAN_____ Interesting, I see where you're going with this. More reasons to use forward-secret ciphersuites.
@grittygrease Even in the (EC)DHE case, it would be best if the keyserver could send the (EC)DHE keypairs that each PoP uses, batch/async.
@grittygrease To be clear, I mean "best" in the eyes of somebody that wants to trust the PoPs as little as possible; may be unrealistic.