Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-03-12 Thread Ilari Liusvaara
On Mon, Mar 12, 2018 at 02:29:55PM -0400, Paul Wouters wrote:
> On Mon, 5 Mar 2018, Willem Toorop wrote:
>
> > No Paul, the division in sections is irrelevant for a verifier. The
> > only bit of information in a DNS message that is used by a verifier is
> > the question. From the question,

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-03-12 Thread Paul Wouters
On Mon, 5 Mar 2018, Willem Toorop wrote: No Paul, the division in sections is irrelevant for a verifier. The only bit of information in a DNS message that is used by a verifier is the question. From the question, validation starts and the relevant records are followed and verified. But the

[TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

2018-03-12 Thread Hubert Kario
When the server supports externally set PSKs that use human-readable identities (or, in general, guessable identities), the current text makes it trivial to perform an enumeration attack. The proposed fix was identified as conflicting with the "Client Hello Recording" security section, the

Re: [TLS] Alexey Melnikov's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-03-12 Thread Alexey Melnikov
Hi,
On Wed, Feb 21, 2018, at 4:06 PM, Shumon Huque wrote:
> On Wed, Feb 7, 2018 at 9:05 PM, Shumon Huque wrote:
>> On Wed, Feb 7, 2018 at 1:22 PM, Alexey Melnikov wrote:
>>> Alexey Melnikov has entered the following ballot position for
>>>