[ros-users] [Discourse.ros.org] [ROS Projects] Developing with SROS
ruffsl
ros.discourse at gmail.com
Thu Jan 5 03:43:30 UTC 2017
I was watching some talks on the developing TLS 1.3 protocol [1], just checking on what's been happening in recent drafts, and noticed that the authentication step in the connection handshake is now encrypted. Here is another video slightly more introductory [2].
This is really cool as it can bring privacy to certificate extensions, preventing say a client's access policy being revealed to a passive attacker. I'm not yet sure if I understand to what this extends to the server's certificate, or for active attackers. For that I may have to follow the mailing list discussions [3] more closely or check out a current implementation.
Perhaps with TLS 1.3, this might void some of my remarks on the potential drawbacks I discussed earlier about SROS's use of pigging backing on the transport layer encryption. Also, the reduced number of round trips would also help improve the connection time between SROS nodes.
1 [RuhrSec 2016: "Transport Layer Security TLS 1.3 and backwards security issues", Jrg Schwenk](https://youtu.be/HvzAR__EIgQ) | @4:02
https://youtu.be/HvzAR__EIgQ?t=4m2s
2 [An overview of TLS 1.3 and Q&A](https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/) | 4th slide or @9:00
https://vimeo.com/177333631
3 https://www.ietf.org/mail-archive/web/tls/current/msg17472.html
---
[Visit Topic](https://discourse.ros.org/t/developing-with-sros/861/10) or reply to this email to respond.
More information about the ros-users
mailing list