> On 12.07.2016 г., at 13:26, Franco Fichtner <franco_at_lastsummer.de> wrote: > > >> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev <daniel_at_digsys.bg> wrote: >> >> It is trivial to play MTIM with this protocol and in fact, there are commercially available “solutions” for “securing one’s corporate network” that doe exactly that. Some believe this is with the knowledge and approval of the corporation, but who is to say what the black box actually does and whose interests it serves? > > It's also trivial to ignore that pinning certificates and using client > certificates can actually help a great deal to prevent all of what you > just said. ;) I don’t know many users who even know that they can do this — much less actually using it. Pinning the browser vendor’s certificates does not protect you from being spied while visiting someone else’s site. This is also non-trivial to support. In the early days of DANE, Google even had a version of Chrome that supported DANE, just to kill it a bit later: https://www.ietf.org/mail-archive/web/dane/current/msg06980.html > > The bottom line is not having GOST support readily available could alienate > a whole lot of businesses. Not wanting those downstream use cases will make > those shift elsewhere and the decision will be seen as an overly political > move that in no possible way reflects the motivation of community growth. Exactly — especially as long as there is no demonstrable proof that GOST is actually broken. DanielReceived on Tue Jul 12 2016 - 10:33:22 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:06 UTC