I was watching some talks on the developing TLS 1.3 protocol [1], just checking on what's been happening in recent drafts, and noticed that the authentication step in the connection handshake is now encrypted. Here is another video slightly more introductory [2].
This is really cool as it can bring privacy to certificate extensions, preventing say a client's access policy being revealed to a passive attacker. I'm not yet sure if I understand to what this extends to the server's certificate, or for active attackers. For that I may have to follow the mailing list discussions [3] more closely or check out a current implementation.
Perhaps with TLS 1.3, this might void some of my remarks on the potential drawbacks I discussed earlier about SROS's use of pigging backing on the transport layer encryption. Also, the reduced number of round trips would also help improve the connection time between SROS nodes.
1 [RuhrSec 2016: "Transport Layer Security TLS 1.3 and backwards security issues", Jrg Schwenk](
https://youtu.be/HvzAR__EIgQ) | @4:02
https://youtu.be/HvzAR__EIgQ?t=4m2s
2 [An overview of TLS 1.3 and Q&A](
https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/) | 4th slide or @9:00
https://vimeo.com/177333631
3
https://www.ietf.org/mail-archive/web/tls/current/msg17472.html
---
[Visit Topic](
https://discourse.ros.org/t/developing-with-sros/861/10) or reply to this email to respond.
If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates.
______________________________________________________________________________
ros-users mailing list
ros-users@lists.ros.org
http://lists.ros.org/mailman/listinfo/ros-users
Unsubscribe: <
http://lists.ros.org/mailman//options/ros-users>
(text/plain)