Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-02.txt

2018-02-01 Thread Sean Turner 


> On Jan 31, 2018, at 16:41, Benjamin Kaduk  wrote:
> 
>> I also wondered whether there was any sense in reserving codepoint 0 (of
>> CertificateCompressionAlgorithm) for "uncompressed".  I guess not, since
>> support for uncompressed certificates is implicit by means of not using
>> the extension.  But sometimes keeping value 0 (basically) reserved is
>> still useful.
>> 
>> I've considered that, but decided that this would just introduce two ways to 
>> do
>> the same thing (send certificate uncompressed), so I decided against it.
> 
> Sure.  I don't see a reason to add a code point for uncompressed, but maybe 
> there is an aesthetic argument for leaving 0 reserved entirely.  But I 
> definitely do not insist on anything.

We could just reserve it and not assign any meaning to it.

spt
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

[TLS] [Technical Errata Reported] RFC7905 (5251)

2018-02-01 Thread RFC Errata System 
The following errata report has been submitted for RFC7905,
"ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)".

--
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5251

--
Type: Technical
Reported by: Xavier Bonnetain 

Section: 4. Security

Original Text
-
   Poly1305 is designed to ensure that forged messages are rejected with
   a probability of 1-(n/2^107), where n is the maximum length of the
   input to Poly1305.  In the case of (D)TLS, this means a maximum
   forgery probability of about 1 in 2^93.

Corrected Text
--
   Poly1305 is designed to ensure that forged messages are rejected with
   a probability of 1-(n/2^106), where n is the maximum length of the
   input to Poly1305.  In the case of (D)TLS, this means a maximum
   forgery probability of about 1 in 2^92.

Notes
-
The security claimed on poly1305 is slightly beyond what was proven by the 
designer (see https://cr.yp.to/mac/poly1305-20050329.pdf), and the trivial 
forgery attempt with a message of length 1 succeeds with probability 2^{-106}.

Instructions:
-
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--
RFC7905 (draft-ietf-tls-chacha20-poly1305-04)
--
Title   : ChaCha20-Poly1305 Cipher Suites for Transport Layer 
Security (TLS)
Publication Date: June 2016
Author(s)   : A. Langley, W. Chang, N. Mavrogiannopoulos, J. 
Strombergson, S. Josefsson
Category: PROPOSED STANDARD
Source  : Transport Layer Security
Area: Security
Stream  : IETF
Verifying Party : IESG

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls