Re: [TLS] Security review of TLS1.3 0-RTT

2017-06-01 Thread Colm MacCárthaigh
On Thu, Jun 1, 2017 at 1:50 PM, Victor Vasiliev wrote:
> I am not sure I agree with this distinction. I can accept the difference in
> terms of how much attacker can retry -- but we've already agreed that bounding
> that number is a good idea. I don't see any meaningful

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-ecdhe-psk-aead-04: (with DISCUSS and COMMENT)

2017-06-01 Thread Martin Rex
Watson Ladd wrote:
>Martin Rex wrote:
>>
>> The suggestion to accept a recognized TLSv1.2 cipher suite code point
>> as an alternative indicator for the highest client-supported protocol
>> version is not really a "mechanism". It's efficient (with 0-bytes on
>> the wire), intuitive

Re: [TLS] Stopping retransmission DTLS 1.2

2017-06-01 Thread Raja ashok
Hi Simon, In case of partial read, after retransmit timeout if a DTLS receiver doesn’t retransmit then peer will retransmit its flight again only if it is not the final flight. Consider a receiver is DTLS client, and peer (server) is sending its final flight (CCS and FM). If any one of

Re: [TLS] Security review of TLS1.3 0-RTT

2017-06-01 Thread Ilari Liusvaara
On Wed, May 31, 2017 at 03:49:03PM -0400, Victor Vasiliev wrote:
> On Tue, May 30, 2017 at 9:56 PM, Colm MacCárthaigh wrote:
>
> > Here you argue, essentially, that it is too inconvenient to mitigate those
> > attacks for users. I don't think we can seriously take that

[TLS] I-D Action: draft-ietf-tls-dnssec-chain-extension-04.txt

2017-06-01 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security of the IETF.
Title : A DANE Record and DNSSEC Authentication Chain Extension for TLS
Authors : Melinda Shore