On Thu, Jun 1, 2017 at 1:50 PM, Victor Vasiliev wrote:
> I am not sure I agree with this distinction. I can accept the difference in
> terms of how much an attacker can retry -- but we've already agreed that
> bounding that number is a good idea. I don't see any meaningful
Watson Ladd wrote:
>Martin Rex wrote:
>>
>> The suggestion to accept a recognized TLSv1.2 cipher suite code point
>> as an alternative indicator for the highest client-supported protocol
>> version is not really a "mechanism". It's efficient (with 0-bytes on
>> the wire), intuitive
Hi Simon,
In case of a partial read, after the retransmit timeout, if a DTLS receiver
doesn't retransmit, then the peer will retransmit its flight again only if it
is not the final flight.
Consider that the receiver is a DTLS client, and the peer (server) is sending
its final flight (CCS and FM). If any one of
On Wed, May 31, 2017 at 03:49:03PM -0400, Victor Vasiliev wrote:
> On Tue, May 30, 2017 at 9:56 PM, Colm MacCárthaigh
> wrote:
>
> > Here you argue, essentially, that it is too inconvenient to mitigate those
> > attacks for users. I don't think we can seriously take that
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security of the IETF.
Title : A DANE Record and DNSSEC Authentication Chain Extension for TLS
Authors : Melinda Shore