On Mon, Dec 28, 2015 at 06:46:02AM -0500, Eric Rescorla wrote:
> On Sun, Dec 27, 2015 at 11:55 PM, Christian Huitema
> wrote:
>
> > For DTLS, we have to consider the packet injection threat. It is fairly
> > easy to send some random bytes with a fake source to a UDP
From: Eric Rescorla [mailto:e...@rtfm.com]
Sent: Monday, December 28, 2015 1:46 AM
To: Christian Huitema
Cc: Dave Garrett ; tls@ietf.org
Subject: Re: [TLS] What does it mean to not include 0-RTT message in the
handshake hash?
On Sun, Dec 27,
On Mon, Dec 28, 2015 at 4:49 PM, Ilari Liusvaara
wrote:
> On Mon, Dec 28, 2015 at 06:46:02AM -0500, Eric Rescorla wrote:
> > On Sun, Dec 27, 2015 at 11:55 PM, Christian Huitema <
> huit...@microsoft.com>
> > wrote:
> >
> > > For DTLS, we have to consider the packet
On Mon, Dec 28, 2015 at 06:59:48PM -0500, Eric Rescorla wrote:
> On Mon, Dec 28, 2015 at 4:49 PM, Ilari Liusvaara
> wrote:
> >
> > Also, on topic of DTLS 1.3... It occurs to me that naively doing it
> > would leave it open to "fragementation attacks" a'la IPv6.
> >
> >
On Saturday, December 26, 2015 9:08 PM, Dave Garrett wrote:
> On Thursday, December 24, 2015 08:08:25 pm Eric Rescorla wrote:
> > Well, this is a general requirement any time the record MAC is bad:
> > See
> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftlswg.gith
>
On Sunday, December 27, 2015 11:55:16 pm Christian Huitema wrote:
> On Saturday, December 26, 2015 9:08 PM, Dave Garrett wrote:
> > On Thursday, December 24, 2015 08:08:25 pm Eric Rescorla wrote:
> > > Well, this is a general requirement any time the record MAC is bad:
> > > See
> >
On Thu, Dec 24, 2015 at 5:01 PM, Dave Garrett
wrote:
> On Thursday, December 24, 2015 04:48:58 pm Eric Rescorla wrote:
> > On Thu, Dec 24, 2015 at 4:26 PM, Dave Garrett
> > wrote:
> > > Do we have anything that protects against an intermediary
On Thu, Dec 24, 2015 at 4:26 PM, Dave Garrett
wrote:
> On Thursday, December 24, 2015 03:40:26 pm Christian Huitema wrote:
> > On Monday, December 21, 2015 6:30 PM, Martin Thomson wrote:
> > > On 22 December 2015 at 13:25, Christian Huitema >
> >
On Thursday, December 24, 2015 03:40:26 pm Christian Huitema wrote:
> On Monday, December 21, 2015 6:30 PM, Martin Thomson wrote:
> > On 22 December 2015 at 13:25, Christian Huitema
> > wrote:
> > >> Unless I'm confused (which is possible given the time of night),
> > >>
On Thursday, December 24, 2015 04:48:58 pm Eric Rescorla wrote:
> On Thu, Dec 24, 2015 at 4:26 PM, Dave Garrett
> wrote:
> > Do we have anything that protects against an intermediary stripping 0RTT
> > messages from a handshake to force a fallback?
>
> Yes:
> 1. The
On Thu, Dec 24, 2015 at 3:40 PM, Christian Huitema
wrote:
> On Monday, December 21, 2015 6:30 PM, Martin Thomson wrote:
> >
> > On 22 December 2015 at 13:25, Christian Huitema
> > wrote:
> > >> Unless I'm confused (which is possible given the time
On Monday, December 21, 2015 6:30 PM, Martin Thomson wrote:
>
> On 22 December 2015 at 13:25, Christian Huitema
> wrote:
> >> Unless I'm confused (which is possible given the time of night),
> >> the intention, as you say, is to separate out the 0-RTT handshake
> >>
> You're referring the editor's copy (WIP-11), right?
Yes.
...
> I was just going over this text today and realized it's kind of confusing
> (and the whole "handshake_hash" abstraction is starting to be less useful
> in light of the PR#316 reframing of the authentication block).
Yes, the
On Monday, December 21, 2015 09:25:44 pm Christian Huitema wrote:
> > I was just going over this text today and realized it's kind of confusing
> > (and the whole "handshake_hash" abstraction is starting to be less useful
> > in light of the PR#316 reframing of the authentication block).
>
> Yes,
The handshake hash specification in section 7.1 says:
Where handshake_hash includes all messages up through the
server CertificateVerify message, but not including any
0-RTT handshake messages (the server's Finished is not
included because the master_secret is need to compute
the
On Mon, Dec 21, 2015 at 5:49 PM, Christian Huitema
wrote:
> The handshake hash specification in section 7.1 says:
>
You're referring the editor's copy (WIP-11), right?
> Where handshake_hash includes all messages up through the
> server CertificateVerify message,
On Mon, Dec 21, 2015 at 6:33 PM, Dave Garrett
wrote:
> On Monday, December 21, 2015 09:25:44 pm Christian Huitema wrote:
> > > I was just going over this text today and realized it's kind of
> confusing
> > > (and the whole "handshake_hash" abstraction is starting to be
On 22 December 2015 at 13:25, Christian Huitema wrote:
>> Unless I'm confused (which is possible given the time of night),
>> the intention, as you say, is to separate out the 0-RTT handshake
>> messages i.e., (cert, cert verify, finished) from the 1-RTT computations.
>
>
18 matches
Mail list logo