Fedor Brunner wrote:
>
> Please see the paper "Another Look at ``Provable Security''" from Neal
> Koblitz and Alfred Menezes.
>
> https://eprint.iacr.org/2004/152
>
> Section 7: Conclusion
>
> "There is no need for the PSS or Katz-Wang versions of RSA;
> one might as well use just the basic
On 3 March 2016 at 23:16, Martin Thomson wrote:
>
> I assume that the last
> error indicates that you didn't get an alert, which I find is
> alarmingly common in TLS.
>
>
Yes, that's right.
Cheers
Rich.
___
TLS mailing
Hanno Böck wrote:
> m...@sap.com (Martin Rex) wrote:
>>
>> The *huge* advantage of PKCS#1 v1.5 signatures over RSA-PSS and ECDSA
>> signatures is that one can clearly distinguish "wrong public key"
>> from "signature does not fit plaintext" errors, and losing this
>> capability makes certain
On Fri, 4 Mar 2016 14:45:13 +0100 (CET)
m...@sap.com (Martin Rex) wrote:
> What should have been adopted for TLSv1.2 already, however, is the less
> forgiving PKCS#1 v1.5 signature check, that re-creates the encoding
> and then compares the recreated inner encoding with the RSA-decrypted
> encoding
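The two points Martin Rex makes above (the strict re-encode-and-compare check, and the ability to tell "wrong public key" from "signature does not fit") side by side, as an added example that is not code from the thread or from any TLS implementation. It assumes SHA-256 with the RFC 8017 DigestInfo prefix, and generates its own RSA key with a toy, seeded Miller-Rabin routine so the demo runs offline (an assumption for the example, not something to ship). The lenient parser is included only for contrast; the point is that acceptance is decided solely by comparing the full re-created encoding, and the wrong-key versus wrong-message distinction is recovered afterwards for diagnostics.

```python
"""Strict versus lenient PKCS#1 v1.5 verification (added example, not from the
thread). Keys come from a toy, seeded Miller-Rabin keygen: demo only."""
import hashlib
import hmac
import random

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rng, rounds=16):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                       # Miller-Rabin rounds
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top and low bit set
        if _is_probable_prime(c, rng):
            return c


def generate_key(bits=1024, e=65537, seed=2016):
    """Toy RSA keygen returning (n, e, d); the seed fixes the key for the demo."""
    rng = random.Random(seed)
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                    # e is prime: gcd(e, phi) == 1
            return p * q, e, pow(e, -1, phi)


def emsa_pkcs1_v1_5_encode(message, k):
    """EM = 00 01 FF..FF 00 || DigestInfo || SHA-256(message), k bytes long."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for SHA-256 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign_block(em, n, d):
    """Private-key operation on an already encoded block."""
    return pow(int.from_bytes(em, "big"), d, n).to_bytes((n.bit_length() + 7) // 8, "big")


def sign(message, n, d):
    return rsa_sign_block(emsa_pkcs1_v1_5_encode(message, (n.bit_length() + 7) // 8), n, d)


def rsa_public(sig, n, e):
    """Public-key operation; returns the recovered k-byte block."""
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("signature is not a k-byte integer below n")
    return pow(s, e, n).to_bytes(k, "big")


def verify_strict(message, sig, n, e):
    """The check recommended in the thread: rebuild the whole encoding, compare it."""
    em = rsa_public(sig, n, e)
    return hmac.compare_digest(em, emsa_pkcs1_v1_5_encode(message, len(em)))


def verify_lenient(message, sig, n, e):
    """Forgiving parser, for contrast only: any run of 8+ FF bytes is fine and
    nothing after the hash is looked at, so trailing junk is accepted."""
    em = rsa_public(sig, n, e)
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if em[:2] != b"\x00\x01" or i < 10 or i >= len(em) or em[i] != 0x00:
        return False
    body = em[i + 1:]
    if not body.startswith(SHA256_DIGESTINFO):
        return False
    start = len(SHA256_DIGESTINFO)
    return body[start:start + 32] == hashlib.sha256(message).digest()


def classify_failure(message, sig, n, e):
    """Diagnostics only, once verify_strict() has said no: a block that differs
    solely in the digest means the key fit but the message did not."""
    try:
        em = rsa_public(sig, n, e)
    except ValueError:
        return "malformed block (wrong public key or corrupted signature)"
    expected = emsa_pkcs1_v1_5_encode(message, len(em))
    if em == expected:
        return "ok"
    if em[:-32] == expected[:-32]:
        return "digest mismatch (key fits, message does not)"
    return "malformed block (wrong public key or corrupted signature)"


def padded_with_junk(message, k):
    """Constructed block: minimal padding plus junk after the hash. Signed with
    the private key in the demo, so it is the shape of a bad block, not a forgery."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + b"\xee" * (k - 11 - len(t))


def demo():
    n, e, d = generate_key()
    n2, e2, _ = generate_key(seed=2017)           # an unrelated key
    k, msg = (n.bit_length() + 7) // 8, b"constructed ServerKeyExchange params"
    good, junk = sign(msg, n, d), rsa_sign_block(padded_with_junk(msg, k), n, d)
    return {"strict_good": verify_strict(msg, good, n, e),
            "strict_junk": verify_strict(msg, junk, n, e),
            "lenient_junk": verify_lenient(msg, junk, n, e),
            "wrong_msg": classify_failure(b"other", good, n, e),
            "wrong_key": classify_failure(msg, good, n2, e2)}
```

Running `demo()` shows the strict check accepting the proper signature and rejecting the junk-padded block that the lenient parser waves through, while `classify_failure()` still tells the two failure causes apart from the recovered block alone, which is the diagnostic capability the thread says PSS and ECDSA lack.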
Hanno Böck wrote:
> Joseph Salowey wrote:
>>
>> We make RSA-PSS mandatory to implement (MUST implement instead of MUST
>> offer). Clients can advertise support for PKCS-1.5 for backwards
>> compatibility in the transition period.
>> Please respond on the list on whether you
On 04/03/2016 07:58, "EXT Yuhong Bao" wrote:
>
>> From: thomas.foss...@nokia.com
>> To: a...@imperialviolet.org; tls@ietf.org
>> Date: Fri, 4 Mar 2016 07:10:06 +
>> Subject: Re: [TLS] Accepting that other SNI name types will
On 4 March 2016 at 18:10, Fossati, Thomas (Nokia - GB)
wrote:
> In CoRE we might need to allocate a new SNI NameType for non-DNS host
> names [1].
>
> Removing SNI extensibility would make it unfeasible.
Not at all. Define a new extension. We have evidence that that