per-entity - RE: [Per-Entity] HTTPS transport and TLS trust
Subject: Per-Entity Metadata Working Group
List archive
- From: "Cantor, Scott" <>
- To: IJ Kim <>, Tom Scavo <>
- Cc: Scott Koranda <>, Per-Entity Metadata Working Group <>
- Subject: RE: [Per-Entity] HTTPS transport and TLS trust
- Date: Tue, 6 Sep 2016 20:52:59 +0000
- Accept-language: en-US
- Authentication-results: spf=pass (sender IP is 164.107.81.212) smtp.mailfrom=osu.edu; gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=bestguesspass action=none header.from=osu.edu;
- Ironport-phdr: 9a23:jzjxdBLr5MeRNBshy9mcpTZWNBhigK39O0sv0rFitYgUKP/xwZ3uMQTl6Ol3ixeRBMOAtKIC1rGd6v2ocFdDyKjCmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWapAQfERTnNAdzOv+9WsuL15z2hKiO/MjyQU1rhT/1NbJwBBSwsQjLsMQK281vJrtnjlP1pX4AQO9f22QgcU6JhB31+MCY/Zh//j5Wtu57scNMTPOpUb4/SOkSJz0gL2cvoIXQvh7fUUHHsnAVVHkRiFwSKw/e8Vf3Uoqn4XiyjfZ0xCTPZZ6+drszQzn3qv4zEBI=
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
> Just for the background information, another concern was the server
> security which is assumed in TLS. I'm not suggesting md.incommon.org is
> not secure but it was difficult to quantify and it was certainly less
> secure than the signing operation. Ops also wanted to reserve the
> flexibility of hosting its stand-by servers in co-locations without
> special requirements on its physical security.
Right, that's the fundamental difference.
Signing Pro:
- self-contained / portable security model
Con:
- subject to MITM threats
Transport Pro:
- end to end security
Con:
- highly dependent on physical deployment characteristics that are difficult
to replicate widely
I wouldn't necessarily argue that both don't have their place, but we
implement both and long experience has led us to believe that it's better to
attack the MITM problem with signing somehow than give up the flexibility.
I think probably the best option is to sign, use TLS, but not go overboard
trying to lock down the TLS part. That provides reasonable protection against
low-cost active attacks without relying on it exclusively.
-- Scott
- [Per-Entity] HTTPS transport and TLS trust, Scott Koranda, 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, Cantor, Scott, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, Scott Koranda, 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, Cantor, Scott, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, Scott Koranda, 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, Cantor, Scott, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, Scott Koranda, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, Tom Scavo, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, IJ Kim, 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, Cantor, Scott, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, David Walker, 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, Paul Caskey, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, David Walker, 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, Paul Caskey, 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, , 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, Paul Caskey, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, Scott Koranda, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, David Walker, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, Cantor, Scott, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, Scott Koranda, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, Tom Scavo, 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, Paul Caskey, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, David Walker, 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, Cantor, Scott, 09/06/2016
- Re: [Per-Entity] HTTPS transport and TLS trust, IJ Kim, 09/06/2016
- RE: [Per-Entity] HTTPS transport and TLS trust, Cantor, Scott, 09/06/2016
Archive powered by MHonArc 2.6.19.