
Re: [IAB] Mandatory encryption as part of HTTP2

2013-11-18 03:13:19
Yoav Nir wrote:

> Pinning every HTTPS certificate on the planet is not scalable. What
> you *can* do is have each site pin their site. That's the point of
> HPKP ([1]).
>
> For this to work, you need to at some point be without the MITM. I
> guess that wouldn't help you much where MITM are pervasive, like Iran
> or Syria, but it would work where attacks are the exception.

What? Do you mean a pervasive attack by the NSA on Iran or Syria?

Anyway, a pervasive attack lasting longer than the lifetime of the pin
can demolish HPKP.

Moreover, it is still no better than DH, because an initially shared
DH key can be kept forever, or for as long as the lifetime of the pin.

There is no royal road in secure communication.

                                                Masataka Ohta
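An added illustration of the pin-lifetime point raised in the exchange above (example code, not from the thread or from either participant): a toy HPKP-style client that notes pins from a Public-Key-Pins header with its max-age, validates later connections against them, and shows both limitations discussed, an interception that outlasts max-age with no clean visit in between, and trust-on-first-use through an interceptor. The key bytes, the host name `example.test`, the timestamps and the header values are constructed stand-ins; the model is simplified (RFC 7469's backup-pin requirement, includeSubDomains and report-uri are omitted).

```python
"""Toy model of HPKP (Public-Key-Pins) pin lifetime.

Added example, not part of the original thread. SPKI bytes, host name and
timestamps are constructed stand-ins, not real keys or measurements.
"""
import base64
import hashlib
import re

DAY = 86400


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def parse_pkp_header(header: str):
    """Parse a Public-Key-Pins header into (set_of_pins, max_age_seconds)."""
    pins, max_age = set(), None
    for directive in header.split(";"):
        directive = directive.strip()
        m = re.fullmatch(r'pin-sha256="([A-Za-z0-9+/=]+)"', directive)
        if m:
            pins.add(m.group(1))
            continue
        m = re.fullmatch(r"max-age=(\d+)", directive)
        if m:
            max_age = int(m.group(1))
    if not pins or max_age is None:
        raise ValueError("PKP header needs at least one pin and max-age")
    return pins, max_age


class PinStore:
    """Pins a client has noted per host, each with an absolute expiry time."""

    def __init__(self):
        self.hosts = {}  # host -> (set_of_pins, expires_at)

    def connect(self, host, served_spki, pkp_header, now):
        """Return True if the connection is accepted under the current pins.

        Rule modelled: if a non-expired pin exists for the host, the served key
        must match one of the pins; otherwise the host is accepted and the
        header, if present and matching the served key, is noted (trust on
        first use). Every accepted, matching visit refreshes the expiry.
        """
        served = spki_pin(served_spki)
        entry = self.hosts.get(host)
        if entry is not None:
            pins, expires_at = entry
            if now >= expires_at:
                del self.hosts[host]  # pin expired: back to the unpinned state
            elif served not in pins:
                return False  # pin validation failure
        if pkp_header:
            pins, max_age = parse_pkp_header(pkp_header)
            if served in pins:  # only note pins that match the served key
                self.hosts[host] = (pins, now + max_age)
        return True


def simulate():
    """Run the two scenarios from the thread and return the observed outcomes."""
    site_key = b"constructed-spki-of-legitimate-site"
    backup_key = b"constructed-spki-of-site-backup-key"
    mitm_key = b"constructed-spki-of-interceptor"
    site_hdr = (f'pin-sha256="{spki_pin(site_key)}"; '
                f'pin-sha256="{spki_pin(backup_key)}"; max-age={30 * DAY}')
    mitm_hdr = f'pin-sha256="{spki_pin(mitm_key)}"; max-age={30 * DAY}'

    results = {}
    store = PinStore()
    # Day 0: first contact without interception pins the real key.
    results["first_contact"] = store.connect("example.test", site_key, site_hdr, 0)
    # Day 1: interception inside the pin lifetime fails validation.
    results["mitm_within_lifetime"] = store.connect("example.test", mitm_key, mitm_hdr, 1 * DAY)
    # Day 31: an interception that outlasted max-age, with no clean visit in
    # between, is accepted and its own pins get noted.
    results["mitm_after_expiry"] = store.connect("example.test", mitm_key, mitm_hdr, 31 * DAY)
    results["pinned_after_expiry"] = spki_pin(mitm_key) in store.hosts["example.test"][0]

    # A second client whose very first contact is intercepted pins the wrong
    # key, and then rejects the genuine site.
    tofu = PinStore()
    tofu.connect("example.test", mitm_key, mitm_hdr, 0)
    results["genuine_site_rejected_after_bad_tofu"] = not tofu.connect(
        "example.test", site_key, site_hdr, 1 * DAY)
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name}: {outcome}")
```

The detection angle for a defender is the expiry refresh: as long as a client reaches the genuine site at least once per max-age, the pin never lapses and an interposed key is rejected; the attack window the message describes is exactly a client that sees no clean connection for longer than max-age.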