Re: [TLS] TLS 1.2 Long-term Support Profile vs HTTP/2.0

2016-04-01 Thread Dave Garrett
On Friday, April 01, 2016 03:54:51 am Nikos Mavrogiannopoulos wrote: > On Wed, 2016-03-16 at 12:36 +, Peter Gutmann wrote: > > After a number of, uh, gentle reminders from people who have been > > waiting for > > this, I've finally got around to posting the TLS-LTS draft I > > mentioned a

Re: [TLS] 0RTT and HelloRetryRequest (Re: Narrowing the replay window)

2016-04-01 Thread Martin Thomson
On 1 April 2016 at 03:46, Ilari Liusvaara wrote: > >> > I believe Option #2 is simplest. >> >> I didn't mention this because I was composing on a phone at the time, >> but we have to decide whether to allow a second attempt at 0-RTT. If >> we do, then the effect is a

Re: [TLS] Call for consensus: Removing DHE-based 0-RTT

2016-04-01 Thread Hugo Krawczyk
On Thu, Mar 31, 2016 at 11:49 PM, Eric Rescorla wrote: > > > On Thu, Mar 31, 2016 at 8:39 PM, Hugo Krawczyk > wrote: > >> >> >> On Tue, Mar 29, 2016 at 9:11 AM, Sean Turner wrote: >> >>> All, >>> >>> To make sure we’ve got a clear way

Re: [TLS] AD review of draft-ietf-tls-falsestart-01

2016-04-01 Thread Eric Rescorla
On Fri, Apr 1, 2016 at 7:19 AM, Stephen Farrell wrote: > > > Forward secrecy can be achieved using ephemeral Diffie-Hellman or > > ephemeral Elliptic-Curve Diffie-Hellman ... > > > > If we summarize these in the Introduction we’re good? > > No, I'm on about missing

Re: [TLS] AD review of draft-ietf-tls-falsestart-01

2016-04-01 Thread Peter Bowen
On Thu, Mar 31, 2016 at 6:19 PM, Sean Turner wrote: > > 0) As described above: Get it approved by the IESG, hold it in RFC editor’s > queue, and publish it as historic at the same time TLS 1.3 is published. I'm not a fan of this option simply because

Re: [TLS] AD review of draft-ietf-tls-falsestart-01

2016-04-01 Thread Stephen Farrell
Hi Sean, Thanks for moving this along, On 01/04/16 02:19, Sean Turner wrote: > On Mar 24, 2016, at 05:56, Stephen Farrell > wrote: >> >> >> Hiya, >> >> Thanks for the speedy response... >> >> Again #3 below is what I care about, the other stuff isn't a big >>

[TLS] TLS 1.2 Long-term Support Profile vs HTTP/2.0

2016-04-01 Thread Nikos Mavrogiannopoulos
On Wed, 2016-03-16 at 12:36 +, Peter Gutmann wrote: > After a number of, uh, gentle reminders from people who have been > waiting for > this, I've finally got around to posting the TLS-LTS draft I > mentioned a while > back.  It's now available as: > > >