Re: [TLS] Awkward Handshake: Possible mismatch of client/server view on client authentication in post-handshake mode in Revision 18

2017-02-11 Thread Eric Rescorla
On Sat, Feb 11, 2017 at 6:52 AM, Sam Scott wrote:
> Is it common that 0.5 RTT data will be sent by the server in a fresh
> session? I.e. not after a resumption and therefore without the client
> previously sending early data?
>
Yes, I think it will be, especially in cases

Re: [TLS] Awkward Handshake: Possible mismatch of client/server view on client authentication in post-handshake mode in Revision 18

2017-02-11 Thread Sam Scott
Is it common that 0.5 RTT data will be sent by the server in a fresh session? I.e. not after a resumption and therefore without the client previously sending early data? Even so, it does also seem like a slightly troubling scenario, since the client has no (in-band) mechanism to determine the

Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)

2017-02-11 Thread Dang, Quynh (Fed)
Hi Kenny, AES-permutation is a permutation. But, AES-GCM (AES in counter mode) is a PRF as long as the 128-bit IVs are unique under the encryption key. The amount of plaintext is the same as the amount of ciphertext. I originally talked about plaintext in my discussion, but several