On Thu, Nov 28, 2019 at 05:01:37PM -0800, Christian Huitema via Datatracker
wrote:
> Reviewer: Christian Huitema
> Review result: Has Issues
>
> I have reviewed draft-ietf-tls-certificate-compression-07 as part of the
> security directorate's ongoing effort to review all IETF documents being
>
Hi All
I found in NIST Special Publication 800-56A Revision 3
5.6.2.3.1 FFC Full Public-Key Validation Routine
2. Verify that 1 = y q mod p.
This test is implemented in OPENSSL
This test relies on the fact that q and p are prime
Pascal
On Wed, Dec 4, 2019 at 18:16, Antoine Delignat-Lavaud
Hi all,
I think there might be ambiguity or an interoperability issue with the TLS 1.3
ServerHello Random value downgrade protection and some (possibly?) legitimate
negotiation of TLS 1.2 using the supported_versions extension. Looking through
RFC 8446 and the mail archives I don’t see
On Thu, Dec 05, 2019 at 05:30:10PM +, Daniel Van Geest wrote:
> Hi all,
>
> I think there might be ambiguity or an interoperability issue with the TLS
> 1.3 ServerHello Random value downgrade protection and some (possibly?)
> legitimate negotiation of TLS 1.2 using the supported_versions
On Thu, Dec 5, 2019 at 12:36 PM Benjamin Kaduk wrote:
> On Thu, Dec 05, 2019 at 05:30:10PM +, Daniel Van Geest wrote:
> > Hi all,
> >
> > I think there might be ambiguity or an interoperability issue with the
> TLS 1.3 ServerHello Random value downgrade protection and some (possibly?)
>
On 12/6/2019 12:42 AM, Alessandro Ghedini wrote:
> On Thu, Nov 28, 2019 at 05:01:37PM -0800, Christian Huitema via Datatracker
> wrote:
>> Reviewer: Christian Huitema
>> Review result: Has Issues
>>
>> I have reviewed draft-ietf-tls-certificate-compression-07 as part of the
>> security
> Hi All
>
> I found in NIST Special Publication 800-56A Revision 3
> 5.6.2.3.1 FFC Full Public-Key Validation Routine
> 2. Verify that 1 = y q mod p.
That should be, 1 = y^q mod p.
>
> This test is implemented in OPENSSL
>
> This test relies on the fact that q and p are prime
>
> Pascal
>
> On Dec 5, 2019, at 8:37 PM, Nasrul Zikri wrote:
>
> What must the server do if the client is old and does not support the safe
> groups in RFC 7919?
Presumably the old client is doing TLS 1.2 (or 1.0), since with TLS 1.3,
the client MUST specify which groups it supports, and no others can be
+1 for adoption.
On Thu, Nov 21, 2019 at 18:49, Salz, Rich wrote:
> I am against the working group NOT adopting this.
>
>
--
Kazuho Oku