Re: [TLS] Alexey Melnikov's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-03-12 Thread Alexey Melnikov
Hi, On Wed, Feb 21, 2018, at 4:06 PM, Shumon Huque wrote: > On Wed, Feb 7, 2018 at 9:05 PM, Shumon Huque wrote:>> On > Wed, Feb 7, 2018 at 1:22 PM, Alexey Melnikov >> wrote: >>> Alexey Melnikov has entered the following ballot position for >>> draft-ietf-tls-dnssec-chain-extension- >>> 06: Dis

[TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

2018-03-12 Thread Hubert Kario
When the server supports externally set PSKs that use human readable identities (or, in general, guessable identities), the current text makes it trivial to perform an enumeration attack. The proposed fix was identified as conflicting with the "Client Hello Recording" security section, the severit

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-03-12 Thread Paul Wouters
On Mon, 5 Mar 2018, Willem Toorop wrote: No Paul, the division in sections is irrelevant for a verifier. The only bit of information in a DNS message that is used by a verifier is the question. From the question, validation starts and the relevant records are followed and verified. But the qu

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-03-12 Thread Kathleen Moriarty
Hello, Can you please provide updated text that addresses EKR's discuss while this additional discussion continues? I'd like to see if it's possible to get this wrapped up before the plenary in London. Eliminating discuss points and resolving this additional issue are required for that. If this

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls13-26: (with COMMENT)

2018-03-12 Thread Adam Roach
On 3/7/18 12:58 PM, Eric Rescorla wrote: > >  -  TLS SignatureScheme Registry: Values with the first byte in the > >     range 0-253 (decimal) are assigned via Specification Required > >     [RFC8126].  Values with the first byte 254 or 255 (decimal) are > >     reserved for Private Use [RFC8126]

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-03-12 Thread Ilari Liusvaara
On Mon, Mar 12, 2018 at 02:29:55PM -0400, Paul Wouters wrote: > On Mon, 5 Mar 2018, Willem Toorop wrote: > > > No Paul, the division in sections is irrelevant for a verifier. The > > only bit of information in a DNS message that is used by a verifier is > > the question. From the question, valid

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls13-26: (with COMMENT)

2018-03-12 Thread Sean Turner
> On Mar 12, 2018, at 19:58, Adam Roach wrote: > > On 3/7/18 12:58 PM, Eric Rescorla wrote: >> > > - TLS SignatureScheme Registry: Values with the first byte in the >> > > range 0-253 (decimal) are assigned via Specification Required >> > > [RFC8126]. Values with the first byte 254 o

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls13-26: (with COMMENT)

2018-03-12 Thread Adam Roach
On 3/12/18 5:33 PM, Sean Turner wrote: On Mar 12, 2018, at 19:58, Adam Roach wrote: On 3/7/18 12:58 PM, Eric Rescorla wrote: - TLS SignatureScheme Registry: Values with the first byte in the range 0-253 (decimal) are assigned via Specification Required [RFC8126]. Values with th

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls13-26: (with COMMENT)

2018-03-12 Thread Sean Turner
> On Mar 12, 2018, at 22:46, Adam Roach wrote: > > On 3/12/18 5:33 PM, Sean Turner wrote: >> >>> On Mar 12, 2018, at 19:58, Adam Roach wrote: >>> >>> On 3/7/18 12:58 PM, Eric Rescorla wrote: >> - TLS SignatureScheme Registry: Values with the first byte in the >> range 0-253 (de