On Tuesday, 20 March 2018 22:21:06 CET Eric Rescorla wrote:
> On Tue, Mar 20, 2018 at 7:42 PM, Hubert Kario wrote:
> > On Monday, 19 March 2018 14:38:05 CET Eric Rescorla wrote:
> > > On Mon, Mar 19, 2018 at 1:33 PM, Nikos Mavrogiannopoulos <
> >
> > n...@redhat.com>
> >
> >
The document has been approved for publication and the outstanding
reference will be added in the RFC editor process during Auth48.
Thank you all for your work on this protocol.
Best regards,
Kathleen
On Tue, Mar 20, 2018 at 5:21 PM, Eric Rescorla wrote:
>
>
> On Tue, Mar 20,
On Tue, Mar 20, 2018 at 7:42 PM, Hubert Kario wrote:
> On Monday, 19 March 2018 14:38:05 CET Eric Rescorla wrote:
> > On Mon, Mar 19, 2018 at 1:33 PM, Nikos Mavrogiannopoulos <
> n...@redhat.com>
> >
> > wrote:
> > > On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> >
On Monday, 19 March 2018 14:38:05 CET Eric Rescorla wrote:
> On Mon, Mar 19, 2018 at 1:33 PM, Nikos Mavrogiannopoulos
>
> wrote:
> > On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> > > On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
> > > > On
> On Mar 20, 2018, at 12:52, Hubert Kario wrote:
>
> On Monday, 19 March 2018 23:53:16 CET Benjamin Kaduk wrote:
>> On Mon, Mar 19, 2018 at 05:00:51PM +0100, Hubert Kario wrote:
>>> On Sunday, 18 March 2018 16:27:34 CET Eric Rescorla wrote:
After discussion with the
On Monday, 19 March 2018 23:53:16 CET Benjamin Kaduk wrote:
> On Mon, Mar 19, 2018 at 05:00:51PM +0100, Hubert Kario wrote:
> > On Sunday, 18 March 2018 16:27:34 CET Eric Rescorla wrote:
> > > After discussion with the chairs and the AD, I have opted to just add a
> > > section
> > > that explains
On Mon, Mar 19, 2018 at 02:33:52PM +0100, Nikos Mavrogiannopoulos wrote:
> On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> > On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
> > >
> >
> > > If you want to use PSK with some level of privacy, you might adopt
> > > a
>
On Mon, Mar 19, 2018 at 05:00:51PM +0100, Hubert Kario wrote:
> On Sunday, 18 March 2018 16:27:34 CET Eric Rescorla wrote:
> > After discussion with the chairs and the AD, I have opted to just add a
> > section
> > that explains the attack. I just merged that (but managed not to get it
> > into
On Sunday, 18 March 2018 16:27:34 CET Eric Rescorla wrote:
> After discussion with the chairs and the AD, I have opted to just add a
> section
> that explains the attack. I just merged that (but managed not to get it
> into -27
> due to fumble fingering).
If there is no consensus on the
On Mon, Mar 19, 2018 at 1:33 PM, Nikos Mavrogiannopoulos
wrote:
> On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> > On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
> > >
> > >
> > > On 3/15/2018 5:51 PM, Benjamin Kaduk wrote:
> > > > On Thu, Mar 15,
On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote:
> On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
> >
> >
> > On 3/15/2018 5:51 PM, Benjamin Kaduk wrote:
> > > On Thu, Mar 15, 2018 at 12:25:38PM +0100, Hubert Kario wrote:
> > > ...
> > > > we do not have a reliable
On Mon, Mar 19, 2018 at 6:38 AM, Daniel Kahn Gillmor
wrote:
> On Sun 2018-03-18 12:08:13 -0400, Viktor Dukhovni wrote:
>
>> The devices that might use external PSKs will likely be unavoidably
>> fingerprinted by source IP address and the target mothership.
>
> I'm not
On Sun 2018-03-18 12:08:13 -0400, Viktor Dukhovni wrote:
> The devices that might use external PSKs will likely be unavoidably
> fingerprinted by source IP address and the target mothership.
I'm not convinced that this is the case -- it's not at all clear that
IoT devices will be attached to a
On Sun, Mar 18, 2018 at 03:24:02PM +, Lanlan Pan wrote:
> Benjamin Kaduk wrote on Wed, Mar 14, 2018 at 10:02 AM:
>
> > It seems like we get ourselves in trouble by allowing multiple
> > external PSKs to be present. If we allowed at most one external
> > PSK in a given ClientHello, then
> On Mar 18, 2018, at 11:27 AM, Eric Rescorla wrote:
>
> After discussion with the chairs and the AD, I have opted to just add a
> section
> that explains the attack. I just merged that (but managed not to get it into
> -27
> due to fumble fingering).
It seems to me that
After discussion with the chairs and the AD, I have opted to just add a
section
that explains the attack. I just merged that (but managed not to get it
into -27
due to fumble fingering).
-Ekr
On Mon, Mar 12, 2018 at 8:27 AM, Hubert Kario wrote:
> When the server supports
Benjamin Kaduk wrote on Wed, Mar 14, 2018 at 10:02 AM:
> It seems like we get ourselves in trouble by allowing multiple
> external PSKs to be present. If we allowed at most one external
> PSK in a given ClientHello, then aborting the handshake on binder
> failure would be the correct choice, as
On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote:
>
>
> On 3/15/2018 5:51 PM, Benjamin Kaduk wrote:
> > On Thu, Mar 15, 2018 at 12:25:38PM +0100, Hubert Kario wrote:
> > ...
> >> we do not have a reliable mechanism of differentiating between external
> >> and
> >> resumption
On 3/15/2018 5:51 PM, Benjamin Kaduk wrote:
> On Thu, Mar 15, 2018 at 12:25:38PM +0100, Hubert Kario wrote:
> ...
>> we do not have a reliable mechanism of differentiating between external and
>> resumption PSKs while parsing Client Hello
> Well, a valid external PSK (identity) the server will
On Thursday, 15 March 2018 22:51:49 CET Benjamin Kaduk wrote:
> On Thu, Mar 15, 2018 at 12:25:38PM +0100, Hubert Kario wrote:
> > On Wednesday, 14 March 2018 21:13:29 CET Benjamin Kaduk wrote:
> > > On Wed, Mar 14, 2018 at 12:46:25PM +0100, Hubert Kario wrote:
> > > > On Wednesday, 14 March 2018
On Wednesday, 14 March 2018 21:13:29 CET Benjamin Kaduk wrote:
> On Wed, Mar 14, 2018 at 12:46:25PM +0100, Hubert Kario wrote:
> > On Wednesday, 14 March 2018 03:02:10 CET Benjamin Kaduk wrote:
> > > It seems like we get ourselves in trouble by allowing multiple
> > > external PSKs to be present.
On Wed, Mar 14, 2018 at 12:46:25PM +0100, Hubert Kario wrote:
> On Wednesday, 14 March 2018 03:02:10 CET Benjamin Kaduk wrote:
> > It seems like we get ourselves in trouble by allowing multiple
> > external PSKs to be present. If we allowed at most one external
> > PSK in a given ClientHello,
On Wednesday, 14 March 2018 03:02:10 CET Benjamin Kaduk wrote:
> It seems like we get ourselves in trouble by allowing multiple
> external PSKs to be present. If we allowed at most one external
> PSK in a given ClientHello, then aborting the handshake on binder
> failure would be the correct
On Tuesday, 13 March 2018 16:18:48 CET Ilari Liusvaara wrote:
> On Mon, Mar 12, 2018 at 04:27:46PM +0100, Hubert Kario wrote:
> > When the server supports externally set PSKs that use human readable
> > identities (or, in general, guessable identities), the current text makes
> > it trivial to
When the server supports externally set PSKs that use human readable
identities (or, in general, guessable identities), the current text makes it
trivial to perform an enumeration attack.
The proposed fix was identified as conflicting with the "Client Hello
Recording" security section, the