Hi Watson, Please see inline
From: dns-privacy <[email protected]> On Behalf Of Watson Ladd Sent: Friday, March 29, 2019 11:56 PM To: [email protected] Subject: [dns-privacy] Correction to my mike statement about the provisioning draft CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe. ________________________________ Despite citations to SRP-6 the rfc 5054 implements 6a which doesn't have a 2 for 1 attack. [TR] Yes. It does however use SHA1 hardcoded. Probably not a good idea. [TR] SHA1 is hardcoded, but don’t see any other TLS specification using PAKE scheme other than the expired draft https://tools.ietf.org/html/draft-barnes-tls-pake-04. Is there any other PAKE scheme to use in TLS ? We seem to have thought there were other draft issues as well though. [TR] I will work on the comments received from the WG, and post an updated draft. Cheers, -Tiru Sincerely, Watson Ladd
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
