[Chapter-delegates] IETF proposing sanctioned man-in-the-middle attacks
Marcin Cieslak
saper at saper.info
Tue Feb 25 01:38:40 PST 2014
On Mon, 24 Feb 2014, Olivier MJ Crepin-Leblond wrote:
>
> On 24/02/2014 10:22, Christian de Larrinaga wrote:
> > It's a draft currently version .01 So doesn't carry the consensus needed
> > as an IETF mechanism.
> > I agree with Lauren. The idea does not appeal to me either.
> >
> > Hopefully it will wither on the vine.
>
> Very probably so.
>
> I've noted another lowering of privacy, an actual real one, in Mozilla
> Thunderbird.
> I initially thought it was a bug, so I made an entry in Bugzilla. The
> response I have received was quite startling.
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=968492
>
>
> I am not a crypto expert but for me, less crypto bits means less
> privacy. I really do not know what to do since this crypto stuff is not
> my world. If any Chapters feel this is something to take up in the
> policy sphere rather on Bugzilla (which is for bugs after all), then
> please feel free to do so.
The original plan is at:
https://briansmith.org/browser-ciphersuites-01.html
and the longish discussion started with
Message-ID: <mailman.470.1376015570.23840.dev-tech-crypto at lists.mozilla.org>
on the mozilla cryptotech mailing list, which can be conveniently viewed
here:
http://thread.gmane.org/gmane.comp.mozilla.crypto/17239
This is a call for improved interoperability (which is in itself
a worthy goal) and is in no way Mozilla or NSS-specific; therefore
something interesting to ISOC members.
Here's our tweet: https://twitter.com/ISOCPoland/status/438246401785741312
Brian Smith has discussed those issues also durig IETF88
//Marcin
More information about the Chapter-delegates
mailing list