Re: [Sks-devel] TLS 1.3 and HKPS pool

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] TLS 1.3 and HKPS pool

From:	Phil Pennock
Subject:	Re: [Sks-devel] TLS 1.3 and HKPS pool
Date:	Mon, 19 Mar 2018 17:24:07 -0400

On 2018-03-19 at 22:14 +0100, Kristian Fiskerstrand wrote:
> On 03/19/2018 10:08 PM, Phil Pennock wrote:
> > Do we care?
> 
> I'm tempted to say no..

Another point in favor of that: I'd forgotten that TLS1.3 moves
certificate exchange to be protected by the session, so encrypted.  Thus
I suspect that we won't have SNI available for choosing TLS versions and
ciphersuites until after TLS1.3 has already been negotiated.

I could do something like bring up another IPv6 address with a listening
server, but that would still need manual hacks in the pool-server
software to even know that IP address is worthy of consideration.

-Phil

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] TLS 1.3 and HKPS pool, Phil Pennock, 2018/03/19
- Re: [Sks-devel] TLS 1.3 and HKPS pool, Kristian Fiskerstrand, 2018/03/19
  - Re: [Sks-devel] TLS 1.3 and HKPS pool, Phil Pennock <=
    - Re: [Sks-devel] TLS 1.3 and HKPS pool, Daniel Kahn Gillmor, 2018/03/23
    - Re: [Sks-devel] TLS 1.3 and HKPS pool, Phil Pennock, 2018/03/23
  - Re: [Sks-devel] TLS 1.3 and HKPS pool, Hendrik Visage, 2018/03/19
    - Re: [Sks-devel] TLS 1.3 and HKPS pool, Kristian Fiskerstrand, 2018/03/19
    - Re: [Sks-devel] TLS 1.3 and HKPS pool, Henry Vindin, 2018/03/23

Prev by Date: Re: [Sks-devel] TLS 1.3 and HKPS pool
Next by Date: Re: [Sks-devel] TLS 1.3 and HKPS pool
Previous by thread: Re: [Sks-devel] TLS 1.3 and HKPS pool
Next by thread: Re: [Sks-devel] TLS 1.3 and HKPS pool
Index(es):
- Date
- Thread