[ros-users] [Discourse.ros.org] [ROS Projects] Developing with SROS

ruffsl ros.discourse at gmail.com
Thu Jan 5 03:43:30 UTC 2017




I was watching some talks on the developing TLS 1.3 protocol [1], just checking on what's been happening in recent drafts, and noticed that the authentication step in the connection handshake is now encrypted. Here is another video slightly more introductory [2].

This is really cool as it can bring privacy to certificate extensions, preventing say a client's access policy being revealed to a passive attacker. I'm not yet sure if I understand to what this extends to the server's certificate, or for active attackers. For that I may have to follow the mailing list discussions [3] more closely or check out a current implementation.

Perhaps with TLS 1.3, this might void some of my remarks on the potential drawbacks I discussed earlier about SROS's use of pigging backing on the transport layer encryption. Also, the reduced number of round trips would also help improve the connection time between SROS nodes.

1 [RuhrSec 2016: "Transport Layer Security  TLS 1.3 and backwards security issues", Jrg Schwenk](https://youtu.be/HvzAR__EIgQ) | @4:02

https://youtu.be/HvzAR__EIgQ?t=4m2s

2 [An overview of TLS 1.3 and Q&A](https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/) | 4th slide or @9:00

https://vimeo.com/177333631

3 https://www.ietf.org/mail-archive/web/tls/current/msg17472.html






---
[Visit Topic](https://discourse.ros.org/t/developing-with-sros/861/10) or reply to this email to respond.




More information about the ros-users mailing list