tls-visibility is enemy action. Discuss.
You don’t know what tls-vis is? It’s internal key escrow for TLS, so banks can monitor their internal networks despite PFS.
Internal key escrow is a REASONABLE THING TO WANT. But it is not a reasonable thing to stall TLS 1.3 on.
Replying to @tqbf
Aimlessness and inconsistency on all sides in that discussion. Points follow ...
1/ TLS1.3 isn't stalled on this, but on other broken middle-boxes. Thread mostly just a minor nuisance afaics.
2/ TLS1.3 tacitly supports escrow anyway, because static DH params can be used. Bizarrely: few argue to forbid this (clients could detect).
3/ Server-side-only escrow less common, less useful, than forcing clients to use a CA for MITM. This is mostly about operational wireshark.
4/ A lot of PFS fans pop up to object to tls-vis, but don't also insist on PFS for 0-RTT data, which is a much bigger real-world risk.
FS is relative to the secret (STEK vs Privkey). In non-DH resumption, the entire resumed connection is not FS wrt STEK, not just 0-RTT data
Replying to @grittygrease @tqbf
In TLS1.3 there is no non-DH resume though, only the 0-RTT data misses FS, but is also the most critical data.
Point is that the WG consensus is fine with no FS, key sharing, and MITM, when it’s for CDNs :)
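Added example, not part of the thread above and not code from any of the participants: a toy model of the two points argued in tweets 2/ and 19, namely that a server which keeps reusing one DH private key has built key escrow into a "forward secret" handshake (anyone holding that key can recover every session from a passive capture), and that a client can notice this because the server's key_share repeats across connections. The group parameters, the HMAC-based key schedule and the XOR "cipher" are assumptions chosen for readability, not real TLS; only the DH side is modelled, so the STEK/PSK resumption case from tweet 19 is out of scope.

```python
"""Toy model: ephemeral DH vs. static-key "tls-visibility" escrow, plus client-side detection.

Constructed example. The group, key schedule and cipher are stand-ins, not TLS 1.3.
"""
import hashlib
import hmac
import secrets
from collections import Counter
from dataclasses import dataclass

# Assumption: illustrative multiplicative group, not a real TLS named group.
P = 2**255 - 19
G = 2


def dh_keypair():
    """Fresh (private exponent x, public share g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def session_key(shared: int, transcript: bytes) -> bytes:
    """Stand-in for the TLS 1.3 key schedule: bind the DH result to the handshake transcript."""
    return hmac.new(shared.to_bytes(32, "big"), transcript, hashlib.sha256).digest()


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (keystream = SHA-256(key)); handles messages up to 32 bytes."""
    stream = hashlib.sha256(key).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass(frozen=True)
class Handshake:
    """What a passive observer (or an escrow agent with a pcap) sees on the wire."""
    client_share: int
    server_share: int
    transcript: bytes
    ciphertext: bytes  # application data protected under the session key


class Server:
    def __init__(self, static_escrow: bool):
        # A "visibility" deployment keeps one DH private key for a long time and hands
        # it to the escrow agent; an honest ephemeral server draws a new key per connection.
        self.static_escrow = static_escrow
        self.escrowed_priv, self.escrowed_pub = dh_keypair()

    def key_share(self):
        if self.static_escrow:
            return self.escrowed_priv, self.escrowed_pub
        return dh_keypair()


def connect(server: Server, app_data: bytes) -> Handshake:
    """One (EC)DHE-style handshake followed by one protected application record."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = server.key_share()
    transcript = c_pub.to_bytes(32, "big") + s_pub.to_bytes(32, "big")
    shared = pow(s_pub, c_priv, P)          # client side
    assert shared == pow(c_pub, s_priv, P)  # server side agrees
    key = session_key(shared, transcript)
    return Handshake(c_pub, s_pub, transcript, xor_crypt(key, app_data))


def escrow_recover(hs: Handshake, escrowed_priv: int) -> bytes:
    """What the holder of the escrowed server key recovers from a captured handshake.

    Correct only if the server actually used that key as its share; against a truly
    ephemeral handshake the result is garbage, which is what forward secrecy means here.
    """
    key = session_key(pow(hs.client_share, escrowed_priv, P), hs.transcript)
    return xor_crypt(key, hs.ciphertext)


def reused_server_shares(handshakes) -> set:
    """Client-side check: a server share seen in more than one handshake is not ephemeral."""
    counts = Counter(hs.server_share for hs in handshakes)
    return {share for share, n in counts.items() if n > 1}


if __name__ == "__main__":
    msg = b"constructed sample record"
    static_srv, eph_srv = Server(static_escrow=True), Server(static_escrow=False)
    static_runs = [connect(static_srv, msg) for _ in range(3)]
    eph_runs = [connect(eph_srv, msg) for _ in range(3)]
    print("escrow recovers static-DH session:", escrow_recover(static_runs[0], static_srv.escrowed_priv) == msg)
    print("escrow recovers ephemeral session:", escrow_recover(eph_runs[0], eph_srv.escrowed_priv) == msg)
    print("client flags reused shares (static):", bool(reused_server_shares(static_runs)))
    print("client flags reused shares (ephemeral):", bool(reused_server_shares(eph_runs)))
```

The detection function is the interesting defensive piece: a client (or a monitoring sensor on the client side) that remembers the server key_share values it has seen can flag a server whose share never changes, which is exactly the "clients could detect" observation in tweet 2/. A real implementation would bound the memory per server name and treat a single repeat as suspicious rather than proof, since a server may legitimately cache shares for a short window.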