Inventing your own null cipher security opens up the door for replay,
withhold and reorder styles of attacks.
On Mon, Aug 20, 2018 at 9:20 PM Peter Gutmann
wrote:
> Lyndon Nerenberg writes:
>
> >By law, we are forbidden from transmitting encrypted traffic, yet there
> are
> >use cases where
FWIW HAM might require public key signing rather than MACs, since MACs are
meaningless without a key.
On Mon, Aug 20, 2018 at 5:02 PM Lyndon Nerenberg wrote:
> There is one other -- admittedly esoteric! -- place where a NULL
> cipher would he useful: Amateur Radio applications.
>
> By law, we
How are these devices authenticating?
On Mon, Aug 20, 2018 at 4:14 PM Nancy Cam-Winget (ncamwing) wrote:
> Hi Eric,
>
> Thanks for the prompt feedback! Please see further comments/questions
> below:
>
>
>
> *From: *Eric Rescorla
> *Date: *Monday, August 20, 2018 at 13:58
> *To:
Mavrogiannopoulos <n...@redhat.com>
wrote:
> On Wed, 2016-11-23 at 00:39 -0800, Judson Wilson wrote:
> > Can you send multiple records in one data transfer to achieve
> > whatever gains are desired?
>
> The packetization cost still remains even if you do that. However,
Can you send multiple records in one data transfer to achieve whatever
gains are desired?
On Wed, Nov 23, 2016 at 12:30 AM, Nikos Mavrogiannopoulos
wrote:
> On Wed, 2016-11-23 at 10:05 +0200, Yoav Nir wrote:
> > Hi, Nikos
> >
> > On 23 Nov 2016, at 9:06, Nikos Mavrogiannopoulos
>
> Yes, I know that changed. It was an example of something that works with
> TLS 1.2 even when PFS is used. With TLS 1.3 server or client
> implementations
> can find other ways to retain long-term records of session keys. The
> capability
> to do that is not a requisite or desirable protocol
>
> FWIW, I've definitely seen real-world confusion about SSLv3 being a more
> recent protocol than TLS 1.X, by organizations that should know better. If
> there's interest and consensus, this could be a good opportunity to reset
> the situation with TLS/2 or TLS 4.0.
>
> I like TLS/2
The way I read the first draft, the wording made it sound like "nonce" was
a contraction of the words "(N)umber used (once)". I thought I learned
something. Then I looked it up, and unfortunately, that is not the case, as
cute as it would be.
That is the problem with the wording. Even if a nonce
ing, or
extra rounds or messages. Thanks in advance for any feedback.
Sincerely,
Judson Wilson (+ Henry Corrigan-Gibbs, Riad S. Wahby
Keith Winstein, Philip Levis, and Dan Boneh)
Stanford University
___
TLS mailing list
TLS@ietf.org