On Jun 3, 2016, at 17:54, Joseph Salowey wrote:
>
> Unfortunately, the TLS record framing is not easily compatible with having
> multiple keys used simultaneously: because we encrypt the content type, it is
> not possible to use it to determine which key to use to decrypt. We
Hi dkg,
sorry for my late response.
Let me start by saying that I do not believe that this is really critical;
after all, we can prove alternative (1) as well — it’s just less clean and
makes the proofs harder to write, read, and verify, which is generally not a
good thing for a cryptographic
On Fri 2016-06-03 17:54:53 -0400, Joseph Salowey wrote:
>Trial decryption has serious implementation problems
>-
>Double-encrypting handshake messages in both the handshake key and the
>application key does not actually provide the required key separation
>-
>Separately
On Sat, Jun 04, 2016 at 02:26:00AM -0400, Dave Garrett wrote:
> On Friday, June 03, 2016 05:54:53 pm Joseph Salowey wrote:
> > Unfortunately, the TLS record framing is not easily compatible with having
> > multiple keys used simultaneously: because we encrypt the content type, it
> > is not
On Friday, June 03, 2016 05:54:53 pm Joseph Salowey wrote:
> Unfortunately, the TLS record framing is not easily compatible with having
> multiple keys used simultaneously: because we encrypt the content type, it
> is not possible to use it to determine which key to use to decrypt. We
> examined a