[TLS] Deprecating alert levels

2016-10-14 Thread Kyle Nekritz
After PR #625 all alerts are required to be sent with fatal AlertLevel except for close_notify, end_of_early_data, and user_canceled. Since those three alerts all have separate specified behavior, the AlertLevel field is not serving much purpose, other than providing potential for misuse. We

Re: [TLS] Newcomer’s Implementation Experience of TLS 1.3 Draft 16

2016-10-14 Thread Ilari Liusvaara
On Fri, Oct 14, 2016 at 05:10:01PM +0200, Hubert Kario wrote:
> On Thursday, 13 October 2016 23:33:19 CEST Ilari Liusvaara wrote:
> > Ok, dumped the handshake using wireshark. Wireshark seems to think
> > the SNI with two lengths is perfectly sane.
> that's because wireshark doesn't perform

Re: [TLS] Which SHA function should I use for CertificateVerify of a rsa_pkcs1_sha1 certificate?

2016-10-14 Thread Ilari Liusvaara
On Fri, Oct 14, 2016 at 05:15:48PM +0200, Hubert Kario wrote:
> On Friday, 14 October 2016 14:34:49 CEST Kazuho Oku wrote:
> > Considering that, to me it seems preferable if the draft stated that
> > both PKCS1 and SHA1 are obsoleted, and are allowed to be only used in
> > certificates. Or is

Re: [TLS] Which SHA function should I use for CertificateVerify of a rsa_pkcs1_sha1 certificate?

2016-10-14 Thread Hubert Kario
On Friday, 14 October 2016 14:34:49 CEST Kazuho Oku wrote:
> Considering that, to me it seems preferable if the draft stated that
> both PKCS1 and SHA1 are obsoleted, and are allowed to be only used in
> certificates. Or is there any need to handle PKCS1 and SHA1
> differently in protocol

Re: [TLS] Application layer interactions and API guidance

2016-10-14 Thread Watson Ladd
On Mon, Oct 10, 2016 at 11:27 PM, Martin Thomson wrote:
> On 11 October 2016 at 07:57, Kyle Rose wrote:
>> FWIW, Patrick McManus made a pretty eloquent and convincing case in Berlin
>> that the web is substantially broken without retry logic in the