[TLS] I-D Action: draft-ietf-tls-hybrid-design-01.txt

2020-10-15 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF. Title: Hybrid key exchange in TLS 1.3. Authors: Douglas Stebila, Scott Fluhrer

Re: [TLS] [Last-Call] Last Call: (Deprecating MD5 and SHA-1 signature hashes in TLS 1.2) to Proposed Standard

2020-10-15 Thread Donald Eastlake
Hi, On Thu, Oct 15, 2020 at 5:56 AM Martin Rex wrote: > > The IESG wrote: > > > > The IESG has received a request from the Transport Layer Security WG (tls) > > to > > consider the following document: - 'Deprecating MD5 and SHA-1 signature > > hashes in TLS 1.2' > > > > as Proposed Standard

Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dtls-connection-id-07

2020-10-15 Thread Eric Rescorla
I would like to make several points here: - In terms of operational practice, in order for a server to function correctly, the CID must either be fixed-length for all clients that might need to be demuxed *or* self-describing. Otherwise, the server will not be able to determine the correct CID. I
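The demultiplexing point above, as an added, constructed example that is not code from the draft, from the list discussion, or from any DTLS implementation. It serialises and parses the tls12_cid record layout that the draft ended up specifying in RFC 9146 (content type, version, epoch, 48-bit sequence number, CID, length, payload), where the CID length is not carried on the wire. The 4-byte and 2-byte CID sizes and the "self-describing" encoding (first CID byte gives the length of the remainder) are assumptions made for illustration, not anything the draft defines.

```python
"""Demultiplexing DTLS 1.2 records that carry a Connection ID.

Constructed example, not code from draft-ietf-tls-dtls-connection-id or any
implementation.  The record layout is the tls12_cid record of RFC 9146; the
CID length is never on the wire, so the receiver must know it in advance.
The self-describing scheme (cid[0] == len(cid[1:])) is an assumed encoding.
"""
import struct

TLS12_CID = 25            # ContentType value for CID records (RFC 9146)
DTLS12_VERSION = 0xFEFD   # DTLS 1.2 ProtocolVersion as sent on the wire
HEADER_LEN = 11           # type(1) + version(2) + epoch(2) + seq(6)


def build_cid_record(cid: bytes, epoch: int, seq: int, payload: bytes) -> bytes:
    """Serialise: type | version | epoch | 48-bit seq | cid | length | payload."""
    fixed = struct.pack("!BHH", TLS12_CID, DTLS12_VERSION, epoch) + seq.to_bytes(6, "big")
    return fixed + cid + struct.pack("!H", len(payload)) + payload


def parse_fixed_cid_record(record: bytes, cid_len: int):
    """Parse a record assuming every client's CID is exactly cid_len bytes.

    Returns (cid, epoch, seq, payload) or raises ValueError when the bytes are
    not a consistent record under that CID length.
    """
    if len(record) < HEADER_LEN + cid_len + 2:
        raise ValueError("record too short for this CID length")
    ctype, version, epoch = struct.unpack("!BHH", record[:5])
    if ctype != TLS12_CID or version != DTLS12_VERSION:
        raise ValueError("not a DTLS 1.2 tls12_cid record")
    seq = int.from_bytes(record[5:HEADER_LEN], "big")
    cid_end = HEADER_LEN + cid_len
    cid = record[HEADER_LEN:cid_end]
    (length,) = struct.unpack("!H", record[cid_end:cid_end + 2])
    payload = record[cid_end + 2:]
    if len(payload) != length:
        raise ValueError(f"length field {length} != {len(payload)} payload bytes")
    return cid, epoch, seq, payload


def parse_self_describing_cid_record(record: bytes):
    """Assumed scheme: the first CID byte states how many CID bytes follow it."""
    if len(record) < HEADER_LEN + 1:
        raise ValueError("record too short")
    return parse_fixed_cid_record(record, 1 + record[HEADER_LEN])


def consistent_parses(record: bytes, candidate_lens):
    """Which CID lengths yield a self-consistent parse?  More than one answer
    means a server that did not fix a single length cannot tell which CID it
    was sent: the failure mode the message describes."""
    found = []
    for n in candidate_lens:
        try:
            found.append((n, parse_fixed_cid_record(record, n)[0]))
        except ValueError:
            pass
    return found


class CidDemuxer:
    """Routes records to connections by CID under one of the two valid policies."""

    def __init__(self, fixed_cid_len=None):
        self.fixed_cid_len = fixed_cid_len   # None => CIDs are self-describing
        self.connections = {}                # cid bytes -> connection label

    def register(self, cid: bytes, label: str):
        if self.fixed_cid_len is not None and len(cid) != self.fixed_cid_len:
            raise ValueError("all CIDs must share the fixed length")
        if self.fixed_cid_len is None and cid[0] != len(cid) - 1:
            raise ValueError("self-describing CID must encode its own length")
        self.connections[cid] = label

    def route(self, record: bytes) -> str:
        if self.fixed_cid_len is not None:
            cid = parse_fixed_cid_record(record, self.fixed_cid_len)[0]
        else:
            cid = parse_self_describing_cid_record(record)[0]
        if cid not in self.connections:
            raise KeyError("unknown CID")
        return self.connections[cid]


if __name__ == "__main__":
    # Constructed record with a 2-byte CID whose payload happens to start with
    # bytes that also read as a valid length field: it parses cleanly as a
    # 4-byte-CID record too, so a server that allowed both sizes is stuck.
    rec = build_cid_record(b"\x01\x02", epoch=1, seq=7, payload=b"\x00\x01X")
    print(consistent_parses(rec, (2, 4)))
```

This only covers header demultiplexing. The MAC question raised elsewhere in the thread is separate: the layout a receiver chooses for the CID must also be bound into what the MAC covers, which is why the published RFC 9146 includes the CID and its length in the MAC input rather than relying on the header bytes alone.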

Re: [TLS] Last Call: (Deprecating MD5 and SHA-1 signature hashes in TLS 1.2) to Proposed Standard

2020-10-15 Thread Martin Rex
The IESG wrote: > > The IESG has received a request from the Transport Layer Security WG (tls) to > consider the following document: - 'Deprecating MD5 and SHA-1 signature > hashes in TLS 1.2' > > as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits

Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dtls-connection-id-07

2020-10-15 Thread Achim Kraus
Hi Ben, The attack does not require that both are valid for the same peer at the same time -- the attack can still occur when the party producing the MAC is induced to use the "wrong" (invalid CID) interpretation of the byte stream but then the version with valid CID is presented to the party