per-entity - Re: [Per-Entity] HTTPS transport and TLS trust
Subject: Per-Entity Metadata Working Group
- From: Scott Koranda <>
- To: "Cantor, Scott" <>
- Cc: "" <>
- Subject: Re: [Per-Entity] HTTPS transport and TLS trust
- Date: Tue, 6 Sep 2016 10:04:08 -0500
> > Are there other arguments in favor?
>
> The generic one is just to limit the chance of a stale
> result being injected into the stream. Without real time
> signing, you don't have much of a freshness guarantee, so
> there are still windows during which stale metadata
> responses could be injected. XML Signature doesn't natively
> have properties related to replay or freshness. Using TLS
> raises the bar for that attack, but less so if we're talking
> CDNs since that basically eliminates any real hope of
> verifying the TLS certificate at any strength.

Can you elaborate?

My naive understanding was that many of the commercial CDN
providers allow one to specify the X.509 certificate chain to
be used for TLS.

Am I wrong or missing the point or?

Thanks,

Scott K