[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf-tls
Subject:    Re: [TLS] Accepting that other SNI name types will never work.
From:       Martin Thomson <martin.thomson () gmail ! com>
Date:       2016-03-07 12:32:55
Message-ID: CABkgnnUVmFSBBJG--khh435v54bEL=KRPAR6_Jguk4r12io1oA () mail ! gmail ! com
[Download RAW message or body]

On 7 March 2016 at 23:02, Hubert Kario <hkario@redhat.com> wrote:
> well, if some people don't care about their implementation being
> fingerprintable, let them be, but there should but at least a
> recommendation what to do if you want to avoid that.

I'd be very surprised if this added anything to the fingerprinting
entropy already present in TLS implementations.  You can't use this
sort of thing to distinguish one user of NSS from another NSS user.

BTW, I'm pretty much not willing to volunteer to review the patch that
made NSS less fingerprintable as NSS.  I'm pretty sure that involves
replacing NSS with OpenSSL.


[prev in list] [next in list] [prev in thread] [next in thread]