On Fri, Aug 19, 2016 at 11:05 AM, Adam Langley wrote:
> I don't think that a device can ensure that the other side doesn't get
> compromised. Even if it rotates keys, there are plenty of ways that a
> well-meaning implementation could fail to erase them: copying GCs,
On Fri, Aug 19, 2016 at 2:35 PM Geoffrey Keating wrote:
> Peter Gutmann writes:
>
> > The problem is that 7919 doesn't say "I want to do DHE, if possible
> > with these parameters", it says "I will only accept DHE if you use
> > these parameters,
Peter Gutmann writes:
> The problem is that 7919 doesn't say "I want to do DHE, if possible
> with these parameters", it says "I will only accept DHE if you use
> these parameters, otherwise you cannot use DHE but must drop back to
> RSA". Talk about cutting off your
On Thu, Aug 18, 2016 at 5:18 PM, Keith Winstein wrote:
> Yeah, our reasoning follows yours and goes a little further:
>
> 4) I don't know when I'm going to wake up again.
> 5) I don't want a subsequent compromise of me *or* the other side to
> reveal prior plaintext from
On Fri, Aug 19, 2016 at 6:03 AM, Peter Gutmann wrote:
> Ilari Liusvaara writes:
>
>>AFAIK, that failure can only happen if at least one of:
>
> [...]
>
> New groups are introduced but the server or client only support the old ones.
> So the
On Fri, Aug 19, 2016 at 01:03:22PM +, Peter Gutmann wrote:
> Ilari Liusvaara writes:
>
> >AFAIK, that failure can only happen if at least one of:
>
> [...]
>
> New groups are introduced but the server or client only support the old ones.
> So the server does
Ilari Liusvaara writes:
>AFAIK, that failure can only happen if at least one of:
[...]
New groups are introduced but the server or client only support the old ones.
So the server does ffdhe2048, the client does ffdhe2048', both are quite happy
to do DHE-2048 but as a
Bodo Moeller writes:
>Peter, so your complaint is about the lack of support for explicitly
>specified (non-"named") groups?
It's the lack of support for DHE unless it's the exact parameters the server
wants. At the moment if your implementation wants to use DHE (which pretty