Re: [TLS] WGLC for "A Flags Extension for TLS 1.3"

2020-04-25 Thread Yoav Nir
See below. I think the next thing to do is to get a signal from the working group about whether we do or don’t want to allow unsolicited server flags, because prohibiting it will require a significant change in the draft. I’m happy to make such a change, because I still can’t come up with such

Re: [TLS] Choice of Additional Data Computation

2020-04-25 Thread chris -
> So far I fail to understand, on an intuitive level, why it is easier to > analyze the protocol when the AAD can take multiple forms potentially > truncating or omitting the underlying data, but then I don't know the > details and you're the expert here. If you have time though to explain a > bit

Re: [TLS] DTLS 1.3 AEAD additional data

2020-04-25 Thread Thomas Fossati
On 25/04/2020, 11:11, "Thomas Fossati" wrote: > On 25/04/2020, 01:30, "Christopher Wood" wrote: > > On Thu, Apr 23, 2020, at 2:17 PM, Eric Rescorla wrote: > > > 1. Allowing implicit CIDs is very recent (it was introduced in > > > -34) > > > 2. The CID specification explicitly prohibits it for

Re: [TLS] Choice of Additional Data Computation

2020-04-25 Thread Thomas Fossati
On 24/04/2020, 22:35, "Eric Rescorla" wrote: > On Fri, Apr 24, 2020 at 2:29 PM chris - wrote: > > I would need to study the specs in order to provide an intelligent > > answer here. Off the hip, it would seem to depend on how the > > boundaries between record headers and ciphertexts are

Re: [TLS] DTLS 1.3 AEAD additional data

2020-04-25 Thread Thomas Fossati
On 25/04/2020, 01:30, "Christopher Wood" wrote: > On Thu, Apr 23, 2020, at 2:17 PM, Eric Rescorla wrote: > > 1. Allowing implicit CIDs is very recent (it was introduced in -34) > > 2. The CID specification explicitly prohibits it for DTLS 1.2. 3. I > > haven't really heard a very compelling