[Cryptography] At what point should people not use TLS?

Phillip Hallam-Baker phill at hallambaker.com
Sun Apr 10 09:23:18 EDT 2016


On Wed, Apr 6, 2016 at 2:27 PM, fcorella at pomcor.com <fcorella at pomcor.com> wrote:
> On Apr 5, 2016, at 8:00 PM, david wong <davidwong.crypto at gmail.com> wrote:
>
> WhatsApp just announced end-to-end encryption on their service, and the
> details show that they do not use TLS but another TLS-like protocol called
> Noise Pipes which was designed by one man.
>
> TLS is a very old protocol that needs to be put out to pasture so that
> it can end its days peacefully after having worked so hard for more
> than two decades.  2+ years ago we argued that
> it is time to redesign transport layer security from scratch taking
> into account all the lessons that have been learned since SSL was
> designed in 1994, instead of piling up new versions of TLS that make
> things worse by increasing complexity.

The proposal looks rather complex to me.

TLS is complex largely because the original design tried to be
over-simple and, as a result, lots of things that should have been core
ended up as options. Fast restart was a poorly thought out extension.
Suites were meant to simplify algorithm negotiation; they didn't.

I find the handwaving introduction of a completely new PKI most
unconvincing. Either change the protocol that consumes the PKI or
change the PKI. The WebPKI is complex because it is the interface of
the crypto to the real world. And the real world is complex.

If people wanted a simpler X.509 then they would use SAML assertions.
The SAML assertion layer was originally designed as an XML based PKI
to replace X.509. It has all the same capabilities in one coherent and
consistent system. SAML is a very successful protocol but nobody has
really seen the need to apply it as an X.509 replacement.

Pushing the cert exchange into DNS is another matter; yes, that has
been discussed for the purpose of closing the SNI privacy hole. Yeah,
it is possible, but you have to be clear about the difference between a
host and a service running on the host.
