[Cryptography] At what point should people not use TLS?

fcorella at pomcor.com fcorella at pomcor.com
Wed Apr 6 13:27:41 EDT 2016


On Apr 5, 2016, at 8:00 PM, david wong <davidwong.crypto at gmail.com> wrote:
> 
> WhatsApp just announced end-to-end encryption on their service, and the details show that they do not use TLS but another TLS-like protocol called Noise Pipes which was designed by one man.

TLS is a very old protocol that needs to be put out to pasture so that
it can end its days peacefully after having worked so hard for more
than two decades.  2+ years ago we argued that 
it is time to redesign transport layer security from scratch <https://pomcor.com/whitepapers/TimeToRedesignTLS.pdf> taking
into account all the lessons that have been learned since SSL was
designed in 1994, instead of piling up new versions of TLS that make
things worse by increasing complexity.  Then we proposed several
protocol design patterns <https://pomcor.com/techreports/M2MSec14.pdf> that could be used in the design of a variety
of new protocols.  (We proposed these patterns in the context of
machine-to-machine (M2M) communication, where different use cases may
call for different protocols; but one use case that we very much had
in mind when we wrote the paper was connection security for the world
wide web.)

I was not familiar with Noise Pipes.  I've done a search and had a
very quick look at this <http://noiseprotocol.org/noise.html>.  I'm happy to see that there are some
commonalities with our M2M paper, including the idea of considering
the pros and cons of multiple patterns within a common framework.
(Our patterns, however, are *design* patterns for a family of possible
protocols; each possible protocol within the family would implement
only one pattern, minimizing code and striving for simplicity of
implementation.)  Noise Pipes seems primarily concerned with
application data protection, whereas we were primarily concerned with
the handshake; our paper includes a solution to the rogue-CA problem
of the TLS server PKI, inspired by DANE.

Francisco

