Re: [TLS] History of TLS analysis (was Re: TLS 1.2 Long-term Support Profile draft posted)

2016-03-21 Thread Bodo Moeller
Watson Ladd:
> The use of predictable IVs in TLS 1.0 was first commented on by
> Rogaway in 1995. (I'm hunting down the source, but this is from a
> presentation of Patterson)

I think you mean http://web.cs.ucdavis.edu/~rogaway/papers/draft-rogaway-ipsec-comments-00.txt,

Re: [TLS] History of TLS analysis (was Re: TLS 1.2 Long-term Support Profile draft posted)

2016-03-21 Thread Nikos Mavrogiannopoulos
On Sat, 2016-03-19 at 07:51 -0700, Watson Ladd wrote:
> On Fri, Mar 18, 2016 at 4:31 PM, Peter Gutmann
> wrote:
> >
> > Watson Ladd writes:
> >
> > >
> > > Then use a padding extension that solves all problems, instead of
> > > relying on
> >

[TLS] History of TLS analysis (was Re: TLS 1.2 Long-term Support Profile draft posted)

2016-03-19 Thread Watson Ladd
On Fri, Mar 18, 2016 at 1:57 AM, Peter Gutmann wrote:
> Watson Ladd writes:
>
>>As written supporting this draft requires adopting the encrypt-then-MAC
>>extension. But there already is a widely implemented secure way to use MACs
>>in TLS: