Hi list,

> Happy to discuss here, but you can also leave comments on the document
> itself.

Thanks for the invitation.
In my eyes you should add some TLS extensions into the context. For an A/A+ grading I recommend the "extended master secret extension" as defined in RFC5246 [1]. In TLS 1.2 the master secret isn't cryptographically bound to the session parameters, which enables man-in-the-middle attacks on session resumption.

Do you take the "encrypt-then-mac extension" [2] into account for authenticated encryption for the A grade?

Another discussable extension is the "truncated_hmac extension" [3], which reduces the HMAC to 80 bits. I didn't find any related research on HMAC truncation and TLS. Do you have any hints that this one is insecure to use?

Have a nice evening,
Matthias

[1] https://tools.ietf.org/html/rfc7627
[2] https://tools.ietf.org/html/rfc7366
[3] http://www.iana.org/go/rfc6066
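As an added illustration of the binding point raised in the message above (example code, not part of the original post or of SSL Labs), the following Python compares the RFC 5246 master-secret derivation with the RFC 7627 extended one. It assumes P_SHA256 as the PRF hash, and all key material and transcript bytes are constructed sample values rather than real handshake data.

```python
import hashlib
import hmac


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5) instantiated with P_SHA256."""
    full_seed = label + seed
    a = full_seed            # A(0) = seed
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()                 # A(i)
        out += hmac.new(secret, a + full_seed, hashlib.sha256).digest()  # P_hash block
    return out[:length]


def classic_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 derivation: bound only to the two 32-byte randoms."""
    return tls12_prf(pms, b"master secret", client_random + server_random, 48)


def extended_master_secret(pms: bytes, handshake_transcript: bytes) -> bytes:
    """RFC 7627 derivation: bound to session_hash, the hash of the full
    handshake transcript up to (but not including) ClientKeyExchange."""
    session_hash = hashlib.sha256(handshake_transcript).digest()
    return tls12_prf(pms, b"extended master secret", session_hash, 48)


# Constructed sample values (not real handshake data).
PMS = bytes.fromhex("03030303" * 12)   # 48-byte pre-master secret
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
# Two handshake transcripts that share the same randoms and pre-master secret
# but differ in another session parameter (here: the certificate bytes).
TRANSCRIPT_A = CLIENT_RANDOM + SERVER_RANDOM + b"cert:server-A"
TRANSCRIPT_B = CLIENT_RANDOM + SERVER_RANDOM + b"cert:server-B"


def compare_bindings() -> dict:
    """Report whether each derivation distinguishes the two handshakes."""
    classic_a = classic_master_secret(PMS, TRANSCRIPT_A[:32], TRANSCRIPT_A[32:64])
    classic_b = classic_master_secret(PMS, TRANSCRIPT_B[:32], TRANSCRIPT_B[32:64])
    ems_a = extended_master_secret(PMS, TRANSCRIPT_A)
    ems_b = extended_master_secret(PMS, TRANSCRIPT_B)
    return {
        "classic_bound_to_transcript": classic_a != classic_b,  # False: same secret
        "ems_bound_to_transcript": ems_a != ems_b,              # True: secrets differ
    }


if __name__ == "__main__":
    print(compare_bindings())
```

With the classic derivation both handshakes end up with an identical master secret, which is exactly the lack of binding the message refers to; with the extended master secret the differing transcript yields a different secret, so a resumed session cannot be spliced across the two.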
