Re: [TLS] Data volume limits

On 01/04/2016 12:59 PM, Hubert Kario wrote: > On Monday 28 December 2015 21:08:10 Florian Weimer wrote: >> On 12/21/2015 01:41 PM, Hubert Kario wrote: >>> if the rekey doesn't allow the application to change authentication >>> tokens (as it now stands), then rekey is much more secure than >>>

Re: [TLS] Data volume limits

On 12/28/2015 10:09 PM, Salz, Rich wrote: >> When the key is changed, the change procedure should involve new randomness. > > I don't think this is necessary, and I don't think the common crypto > expertise agrees with you, either. But I am not a cryptographer, maybe one of > the ones on this

Re: [TLS] A small detail in HMAC key generation for Finished message

On Mon, Jan 4, 2016 at 4:11 PM, Martin Thomson wrote: > On 5 January 2016 at 05:03, Eric Rescorla wrote: > > Ask and ye shall receive: > http://tlswg.github.io/tls13-spec/#digital-signing > > > > "Following that padding is a context string used to

Re: [TLS] Data volume limits

On Monday 04 January 2016 13:02:57 Florian Weimer wrote: > On 01/04/2016 12:59 PM, Hubert Kario wrote: > > On Monday 28 December 2015 21:08:10 Florian Weimer wrote: > >> On 12/21/2015 01:41 PM, Hubert Kario wrote: > >>> if the rekey doesn't allow the application to change > >>> authentication >

Re: [TLS] Data volume limits

On 01/04/2016 01:19 PM, Hubert Kario wrote: >> Dealing with this during the initial handshake is fine. But >> supporting direction-switching after that is *really* difficult. > > yes, this is a bit more problematic, especially for one-sided transfers. > For example, when one side is just

Re: [TLS] TCP Keep Alive Question: draft-ietf-tls-tls13-11

On Mon, Jan 4, 2016 at 7:45 AM, wrote: >> Hello All, >> >> Please excuse if this topic has been previously discussed. I have a >> question about TCP Keep Alives. >> >> Section 5 of draft-ietf-tls-tls13-11 reads: >> >> "Three protocols that use the TLS Record

[TLS] TCP Keep Alive Question: draft-ietf-tls-tls13-11

Hello All, Please excuse if this topic has been previously discussed. I have a question about TCP Keep Alives. Section 5 of draft-ietf-tls-tls13-11 reads: "Three protocols that use the TLS Record Protocol are described in this document: the TLS Handshake Protocol, the Alert Protocol, and the

Re: [TLS] TCP Keep Alive Question: draft-ietf-tls-tls13-11

On Mon, Jan 4, 2016 at 7:45 AM, wrote: > Hello All, > > Please excuse if this topic has been previously discussed. I have a question > about TCP Keep Alives. > > Section 5 of draft-ietf-tls-tls13-11 reads: > > "Three protocols that use the TLS Record Protocol

Re: [TLS] A small detail in HMAC key generation for Finished message

On Mon, Jan 4, 2016 at 9:22 AM, Hubert Kario wrote: > On Thursday 24 December 2015 01:04:59 Christian Huitema wrote: > > On Wednesday, December 23, 2015 3:05 PM, Eric Rescorla wrote: > > >> Similarly, in the HKDF-Expand-Label, do we assume a final null byte > > >> for the

Re: [TLS] A small detail in HMAC key generation for Finished message

On Monday 04 January 2016 09:44:57 Eric Rescorla wrote: > On Mon, Jan 4, 2016 at 9:22 AM, Hubert Kario wrote: > > On Thursday 24 December 2015 01:04:59 Christian Huitema wrote: > > > On Wednesday, December 23, 2015 3:05 PM, Eric Rescorla wrote: > > > >> Similarly, in the