[Cryptography] IAB Statement on Internet Confidentiality
Bill Frantz
frantz at pwpconsult.com
Tue Nov 18 00:10:50 EST 2014
On 11/17/14 at 8:18 PM, leichter at lrw.com (Jerry Leichter) wrote:
>... In fact, protocols have been broken when they attempted to
>deliver more detailed information, so the tendency has been to
>keep the communication channel extremely limited.
>
>However, if you limit it this way, opportunistic encryption has
>no way to tell you that it's been blocked. If no one notices
>attacks, the step forward looks much less dramatic, no?
Isn't is straight forward to analyse the logs looking for
connections which used to be encrypted and no longer are?
Depending on how many different servers/endpoints/etc. you
connect to, this analysis may or may not be a data base problem.
If the number is less that 10000, a hash table in memory would
work well.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"Web security is like medicine - trying to
do good for
408-356-8506 |an evolved body of kludges" - Mark Miller
www.pwpconsult.com |
More information about the cryptography
mailing list