Yes, I think so.
Cheers,
Andrei
From: Eric Rescorla [mailto:e...@rtfm.com]
Sent: Saturday, September 3, 2016 4:07 PM
To: Andrei Popov
Cc: tls@ietf.org
Subject: Re: [TLS] PR #624: Remove Supplemental Auth from TLS 1.3
Thanks for flagging this. Looks like it can just
Thanks for flagging this. Looks like it can just go right before
Certificate in the client's second flight...
-Ekr
On Sat, Sep 3, 2016 at 2:44 PM, Andrei Popov
wrote:
> Hi Eric,
>
>
>
> MS TLS stack uses the user_mapping extension (to map TLS clients to
> Windows
Hi Eric,
MS TLS stack uses the user_mapping extension (to map TLS clients to Windows
domain users). We do not implement client/server_authz.
Cheers,
Andrei
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Eric Rescorla
Sent: Saturday, September 3, 2016 12:54 PM
To: tls@ietf.org
Subject:
https://github.com/tlswg/tls13-spec/pull/624
We currently have code points assigned for
user_mapping [RFC4681]
client_authz [RFC5878]
server_authz [RFC5878]
These aren't well-specified for use in TLS 1.3 and my sense is that they
are barely used. Any objections to just banning them? If not,
> On 2 Sep 2016, at 10:28 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
> We have SHA-256 and SHA-384.
>
> No. By the same token we have AES-128, AES-256, ECDHE over P256, etc.
>
> I support adding SHA-3 to the core.
>
> Alternatively, feel free to throw ChaCha out and
On Tue, Aug 30, 2016 at 11:19 AM, Dave Garrett
wrote:
> I think it's time we just renamed TLS 1.3 to TLS 2.0.
+0.7
--
Colm
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Dave Garrett writes:
>The HTTP/2 spec explicitly refers to TLS 1.3 and up as not needing the
>security restrictions on TLS 1.2 it lays out.
Given that LTS fixes all (known) problems in TLS 1.2 and earlier (hey, if you
know of weaknesses/attacks, say so now), it doesn't