[openssl-users] Privacy considerations - identity hiding from eavesdropping in (D)TLS

Viktor S. Wold Eide viktor.s.wold.eide at gmail.com
Mon Aug 24 10:39:49 UTC 2015


On Fri, Aug 21, 2015 at 4:07 PM, Salz, Rich <rsalz at akamai.com> wrote:

>
> >Are there any recommended ways to avoid certificates being sent in
> cleartext? That is, to first establish an anonymous encrypted channel, and
> then to authenticate within the encrypted channel.
>
> Not without breaking the protocol.
>

If interoperability with other software (clients / servers) is not an
issue, are there any known configuration / tweaks / minor changes that
could be used in openssl?

As I understand from the "Transport Layer Security (TLS) Encrypted
Handshake Extension, draft-ray-tls-encrypted-handshake-00", the defined way
would be to perform an anonymous unencrypted handshake and then to
renegotiate the connection, within the encrypted channel. However, it
appears that renegotiation will be removed in TLS 1.3, <
https://tools.ietf.org/html/draft-ietf-tls-tls13-07>.

So, I am looking for a way to achieve identity hiding for DTLS 1.2, which
also hopefully can be used in (D)TLS 1.3, when available.


>
> >I am also aware of some of the work in progress on TLS 1.3. It would be
> helpful to understand what is reasonable to expect from the changes
> introduced in (D)TLS 1.3 in this respect.
>
> Perhaps the tls at ietf list is a better place to discuss this.
>

Yes, I will do that, but I wanted to see what the options for (D)TLS 1.2
would be first.


Thanks
Viktor S. Wold Eide
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150824/00836c09/attachment.html>


More information about the openssl-users mailing list