[nfsv4] TLS Fingerprint Pinning Needed

grarpamp grarpamp at gmail.com
Wed Apr 8 21:10:51 PDT 2020


> There is a general encryption proponent mandate RFC...

One might also try full text RFC search for "fingerprint"
references in context of "TLS" (or the older "SSL").

The following incomplete list, all in manner of spirit, does
generally give rise to and encourage the offering and enablement
of such security option sets in apps / protocols utilizing TLS...

Recommendations for Secure Use of Transport Layer Security (TLS)
https://tools.ietf.org/html/rfc7525
Pervasive Monitoring Is an Attack
https://tools.ietf.org/html/rfc7258
Privacy Considerations for Internet Protocols
https://tools.ietf.org/html/rfc6973
Certificate Transparency
https://tools.ietf.org/html/rfc6962
Strong Security Requirements for Internet Engineering Task Force Standard Protocols
https://tools.ietf.org/html/rfc3365
Guidelines for Writing RFC Text on Security Considerations
https://tools.ietf.org/html/rfc3552
IETF Policy on Wiretapping
https://tools.ietf.org/html/rfc2804
IAB and IESG Statement on Cryptographic Technology and the Internet
https://tools.ietf.org/html/rfc1984


"It is the consensus of the IETF that IETF standard protocols MUST
make use of appropriate strong security mechanisms."


Privacy Requirements for IETF Protocols
https://tools.ietf.org/html/draft-cooper-ietf-privacy-requirements-01
   It is the consensus of the IETF that our protocols be designed to
   avoid privacy violations to the extent possible.

Handling Pervasive Monitoring in the IETF (perpass) (WG)
https://www.ietf.org/proceedings/88/perpass.html
https://www.ietf.org/mailman/listinfo/perpass


Not requiring app (NFS) spec implementations to have some options
for some of the previously noted modes of fingerprint checking to help
avoid some TLS MITM attacks would seem to be in conflict with all of the above.
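As an added illustration of the client-side check the message argues for (example code, not from the original post or from any NFS implementation): a pin set is compared against the server's leaf certificate after the TLS handshake, on top of normal CA validation. The host, port and pin values are assumed inputs, and SAMPLE_DER is constructed bytes standing in for a DER-encoded certificate.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed sample bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"\x30\x82\x01\x00constructed-sample-certificate-bytes"


def cert_fingerprint(der_cert, algo="sha256"):
    """Lowercase hex fingerprint of a DER-encoded certificate (whole-cert pin)."""
    return hashlib.new(algo, der_cert).hexdigest()


def pin_matches(der_cert, pinned, algo="sha256"):
    """True if the certificate's fingerprint is one of the pinned values.

    A set of pins (current plus backup) allows key rotation without an outage.
    The colon-separated uppercase form printed by common tools is accepted too.
    Comparison is constant-time so the check does not leak which pin was close.
    """
    actual = cert_fingerprint(der_cert, algo)
    matched = False
    for pin in pinned:
        normalized = pin.replace(":", "").strip().lower()
        # Evaluate every pin (no early exit) to keep timing independent of order.
        matched |= hmac.compare_digest(actual, normalized)
    return matched


def connect_pinned(host, port, pinned, algo="sha256", timeout=5.0):
    """Open a TLS connection and refuse it unless the leaf certificate is pinned.

    CA validation still runs in create_default_context(); the pin is an extra
    check that a CA-issued but unexpected certificate (a MITM) must also pass.
    The pin set is assumed to have been obtained out of band from the server's
    administrator, never from the connection being checked.
    """
    ctx = ssl.create_default_context()
    sock = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(sock, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if not pin_matches(der, pinned, algo):
        seen = cert_fingerprint(der, algo)
        tls.close()
        raise ssl.SSLError("peer certificate fingerprint %s not in pin set" % seen)
    return tls
```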

