Re: [TLS] Secdir last call review of draft-ietf-tls-certificate-compression-07

2019-12-05 Thread Alessandro Ghedini
On Thu, Nov 28, 2019 at 05:01:37PM -0800, Christian Huitema via Datatracker wrote: > Reviewer: Christian Huitema > Review result: Has Issues > > I have reviewed draft-ietf-tls-certificate-compression-07 as part of the > security directorate's ongoing effort to review all IETF documents being >

Re: [TLS] DH security issue in TLS

2019-12-05 Thread Pascal Urien
Hi All I found in NIST Special Publication 800-56A Revision 3 5.6.2.3.1 FFC Full Public-Key Validation Routine 2. Verify that 1 = y q mod p. This test is implemented in OPENSSL This test relies on the fact that q and p are prime Pascal On Wed, Dec 4, 2019 at 18:16, Antoine Delignat-Lavaud

[TLS] TLS 1.3 supported versions and downgrade protection

2019-12-05 Thread Daniel Van Geest
Hi all, I think there might be ambiguity or an interoperability issue with the TLS 1.3 ServerHello Random value downgrade protection and some (possibly?) legitimate negotiation of TLS 1.2 using the supported_versions extension. Looking through RFC 8446 and the mail archives I don’t see

Re: [TLS] TLS 1.3 supported versions and downgrade protection

2019-12-05 Thread Benjamin Kaduk
On Thu, Dec 05, 2019 at 05:30:10PM +, Daniel Van Geest wrote: > Hi all, > > I think there might be ambiguity or an interoperability issue with the TLS > 1.3 ServerHello Random value downgrade protection and some (possibly?) > legitimate negotiation of TLS 1.2 using the supported_versions

Re: [TLS] TLS 1.3 supported versions and downgrade protection

2019-12-05 Thread David Benjamin
On Thu, Dec 5, 2019 at 12:36 PM Benjamin Kaduk wrote: > On Thu, Dec 05, 2019 at 05:30:10PM +, Daniel Van Geest wrote: > > Hi all, > > > > I think there might be ambiguity or an interoperability issue with the > TLS 1.3 ServerHello Random value downgrade protection and some (possibly?) >

Re: [TLS] [Last-Call] Secdir last call review of draft-ietf-tls-certificate-compression-07

2019-12-05 Thread Christian Huitema
On 12/6/2019 12:42 AM, Alessandro Ghedini wrote: > On Thu, Nov 28, 2019 at 05:01:37PM -0800, Christian Huitema via Datatracker > wrote: >> Reviewer: Christian Huitema >> Review result: Has Issues >> >> I have reviewed draft-ietf-tls-certificate-compression-07 as part of the >> security

Re: [TLS] DH security issue in TLS

2019-12-05 Thread Nasrul Zikri
> Hi All
>
> I found in NIST Special Publication 800-56A Revision 3
> 5.6.2.3.1 FFC Full Public-Key Validation Routine
> 2. Verify that 1 = y q mod p.

That should be, 1 = y^q mod p.

>
> This test is implemented in OPENSSL
>
> This test relies on the fact that q and p are prime
>
> Pascal
>

Re: [TLS] DH security issue in TLS

2019-12-05 Thread Viktor Dukhovni
> On Dec 5, 2019, at 8:37 PM, Nasrul Zikri wrote:
>
> What must the server do if the client is old and does not support the safe
> groups in RFC 7919?

Presumably the old client is doing TLS 1.2 (or 1.0), since with TLS 1.3, the client MUST specify which groups it supports, and no others can be

Re: [TLS] Adoption call for draft-davidben-tls-batch-signing

2019-12-05 Thread Kazuho Oku
+1 for adoption.

On Thu, Nov 21, 2019 at 18:49, Salz, Rich wrote:
> I am against the working group NOT adopting this.

-- Kazuho Oku