[rsnog] "[TLS] Industry Concerns about TLS 1.3"

Predrag Ivanovic predivan at mts.rs
Wed Oct 12 22:45:59 CEST 2016


Jedan od onih epskih ML thread-ova :)
(Kad smo kod sigurnosti, probao sam da platim nešto karticom na domaćem 
online shop-u, FF 49 je odbio da pošalje podatke sa stranice za autorizaciju transfera domaće banke 
sa 'SSL_ERROR_NO_CYPHER_OVERLAP'...)  

"[TLS] Industry Concerns about TLS 1.3"
https://www.ietf.org/mail-archive/web/tls/current/msg21275.html

Jedan od boljih citata:
"
> I understand your concern over what the nation-state actors are doing
> but it is not the same as what Enterprises do to manage their private
> servers, networks and clients.

It totally is. You record the traces, then use the private key to decrypt them. 
The packets are stupid, they don't know the difference!
"

Pedja




More information about the rsnog mailing list