Re: [TLS] EXTERNAL: Re: integrity only ciphersuites

2018-08-20 Thread Judson Wilson
Inventing your own null cipher security opens up the door for replay, withhold and reorder styles of attacks.

On Mon, Aug 20, 2018 at 9:20 PM Peter Gutmann wrote:
> Lyndon Nerenberg writes:
>
> > By law, we are forbidden from transmitting encrypted traffic, yet there are
> > use cases where

Re: [TLS] EXTERNAL: Re: integrity only ciphersuites

2018-08-20 Thread Judson Wilson
FWIW HAM might require public key signing rather than MACs, since MACs are meaningless without a key.

On Mon, Aug 20, 2018 at 5:02 PM Lyndon Nerenberg wrote:
> There is one other -- admittedly esoteric! -- place where a NULL
> cipher would be useful: Amateur Radio applications.
>
> By law, we

Re: [TLS] integrity only ciphersuites

2018-08-20 Thread Judson Wilson
How are these devices authenticating?

On Mon, Aug 20, 2018 at 4:14 PM Nancy Cam-Winget (ncamwing) wrote:
> Hi Eric,
>
> Thanks for the prompt feedback! Please see further comments/questions
> below:
>
> *From: *Eric Rescorla
> *Date: *Monday, August 20, 2018 at 13:58
> *To:

Re: [TLS] record layer limits of TLS1.3

2016-11-23 Thread Judson Wilson
Mavrogiannopoulos <n...@redhat.com> wrote:
> On Wed, 2016-11-23 at 00:39 -0800, Judson Wilson wrote:
> > Can you send multiple records in one data transfer to achieve
> > whatever gains are desired?
>
> The packetization cost still remains even if you do that. However,

Re: [TLS] record layer limits of TLS1.3

2016-11-23 Thread Judson Wilson
Can you send multiple records in one data transfer to achieve whatever gains are desired?

On Wed, Nov 23, 2016 at 12:30 AM, Nikos Mavrogiannopoulos wrote:
> On Wed, 2016-11-23 at 10:05 +0200, Yoav Nir wrote:
> > Hi, Nikos
> >
> > On 23 Nov 2016, at 9:06, Nikos Mavrogiannopoulos

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-27 Thread Judson Wilson
> > Yes, I know that changed. It was an example of something that works with > TLS 1.2 even when PFS is used. With TLS 1.3 server or client > implementations > can find other ways to retain long-term records of session keys. The > capability > to do that is not a requisite or desirable protocol

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-09-01 Thread Judson Wilson
> > FWIW, I've definitely seen real-world confusion about SSLv3 being a more > recent protocol than TLS 1.X, by organizations that should know better. If > there's interest and consensus, this could be a good opportunity to reset > the situation with TLS/2 or TLS 4.0. > > I like TLS/2

Re: [TLS] [Technical Errata Reported] RFC5288 (4694)

2016-05-15 Thread Judson Wilson
The way I read the first draft, the wording made it sound like "nonce" was a contraction of the words "(N)umber used (once)". I thought I learned something. Then I looked it up, and unfortunately, that is not the case, as cute as it would be. That is the problem with the wording. Even if a nonce

[TLS] TLS 1.3 PR #426: KeyUpdate message: add receive_generation field

2016-02-26 Thread Judson Wilson
ing, or extra rounds or messages. Thanks in advance for any feedback. Sincerely, Judson Wilson (+ Henry Corrigan-Gibbs, Riad S. Wahby, Keith Winstein, Philip Levis, and Dan Boneh) Stanford University