Watson Ladd:
> The use of predictable IVs in TLS 1.0 was first commented on by
> Rogaway in 1995. (I'm hunting down the source, but this is from a
> presentation of Patterson)
I think you mean
http://web.cs.ucdavis.edu/~rogaway/papers/draft-rogaway-ipsec-comments-00.txt,
On Sat, 2016-03-19 at 07:51 -0700, Watson Ladd wrote:
> On Fri, Mar 18, 2016 at 4:31 PM, Peter Gutmann
> wrote:
> >
> > Watson Ladd writes:
> >
> > >
> > > Then use a padding extension that solves all problems, instead of
> > > relying on
> >
On Fri, Mar 18, 2016 at 1:57 AM, Peter Gutmann
wrote:
> Watson Ladd writes:
>
>>As written supporting this draft requires adopting the encrypt-then-MAC
>>extension. But there already is a widely implemented secure way to use MACs
>>in TLS: