On 2/8/19, Hal Murray via devel wrote:
> OpenSSL doesn't support what we need yet.
>
> Daniel has code that does.
> https://github.com/dfoxfranke/libaes_siv
> It doesn't build on NetBSD and gets warnings on FreeBSD.
It gets warnings on Linux as well. But I'm guessing the variables 'block'
of
Yo Hal!
On Fri, 08 Feb 2019 14:12:44 -0800
Hal Murray via devel wrote:
> > Unfortunately, in this case, I'm not sure if OpenSSL implements
> > cipher strings for AEAD selection. I don't think they do. So _if_
> > we implement more than AES_SIV_CMAC_256, we may have to roll our
> > own. However,
Yo Hal!
On Fri, 08 Feb 2019 14:16:45 -0800
Hal Murray via devel wrote:
> Gary said:
> > For good reason. From their wiki:
> > https://wiki.openssl.org/index.php/TLS1.3
> > "The OpenSSL git master branch (and the 1.1.1-pre9 beta version)
> > contain our development TLSv1.3 code which is
Eric said:
> We probably can't ship with anything lower than 1.1.1b, anyway. Not
> according to Martin Langer. And it's not out yet.
The problem is a simple limitation on the length of a string used to make C2S
and S2C. It works fine if we shorten that string. That's a change to the NTS
Gary E. Miller via devel :
> > I'm debugging on OpenSSL 1.1.1a which supports TLS1.3 but is not
> > widely deployed yet.
>
> For good reason. From their wiki:
>
> https://wiki.openssl.org/index.php/TLS1.3
>
> "The OpenSSL git master branch (and the 1.1.1-pre9 beta version)
> contain
Gary said:
> For good reason. From their wiki:
> https://wiki.openssl.org/index.php/TLS1.3
> "The OpenSSL git master branch (and the 1.1.1-pre9 beta version)
> contain our development TLSv1.3 code which is based on the final
> version of RFC8446 and can be used for testing purposes
> Unfortunately, in this case, I'm not sure if OpenSSL implements cipher
> strings for AEAD selection. I don't think they do. So _if_ we implement more
> than AES_SIV_CMAC_256, we may have to roll our own. However, _if_ we have to
> roll our own, we should make it behave similarly to OpenSSL
Yo Hal!
On Fri, 08 Feb 2019 13:51:15 -0800
Hal Murray via devel wrote:
> I'm debugging on OpenSSL 1.1.1a which supports TLS1.3 but is not
> widely deployed yet.
For good reason. From their wiki:
https://wiki.openssl.org/index.php/TLS1.3
"The OpenSSL git master branch (and the 1.1.1-pre9
>> making it build on
>> older versions of OpenSSL.
> Is this important? I haven't followed this exactly, but isn't AES_SIV_CMAC
> only available in bleeding edge (possibly not even released) OpenSSL? If so,
> this is only going to be useful if you're willing to backport the
> AES_SIV_CMAC and
Someone wondered what the changes in draft 16 were. Aside from date
update miscellanea the only change is in section 9.3.
This paragraph:
Do not process time packets from servers if the time computed from
them falls outside the validity period of the server's
certificate.
On 2/8/19 3:14 PM, Gary E. Miller via devel wrote:
> My point is that instead of coming up with somthing new,we should try
> hard to stick to longstanding and well battle tested existing cipher
> strings.
Agreed!
Unfortunately, in this case, I'm not sure if OpenSSL implements cipher
strings for
Yo Richard!
On Fri, 8 Feb 2019 15:01:37 -0600
Richard Laager via devel wrote:
> >> dc2827a3 by Richard Laager at 2019-02-07T18:42:59Z
> >> nts.adoc: Make AEAD_AES_SIV_CMAC_256 not implicit
> >>
> >> If the user specifies a NTPCipherSuite string, they need to include
> >> AEAD_AES_SIV_CMAC_256
On 2/7/19 6:37 PM, Gary E. Miller via devel wrote:
> Yo Richard!
>
> On Fri, 08 Feb 2019 00:26:27 +
> Matt Selsky via vc wrote:
>
>> dc2827a3 by Richard Laager at 2019-02-07T18:42:59Z
>> nts.adoc: Make AEAD_AES_SIV_CMAC_256 not implicit
>>
>> If the user specifies a NTPCipherSuite string,
On 2/7/19 8:20 PM, Hal Murray via devel wrote:
> making it build on
> older versions of OpenSSL.
Is this important? I haven't followed this exactly, but isn't
AES_SIV_CMAC only available in bleeding edge (possibly not even
released) OpenSSL? If so, this is only going to be useful if you're
I had a reason for structuring nts_lib the way I did. It was mostly
because I have the wrong ideas about what I am doing. Most of the
variables that could reasonably be needed and some that are are in the
structs. I was trying (incorrectly) to make the code thread-safe.
Anyway, not that I seem to
15 matches
Mail list logo
