>> Unless I've missed something -- they are not, assuming you have
>> a sufficiently strong random number generator. The challenge mechanism
>> rebuilds the shared state in a secure manner, and the index mechanism
>> ensures that an (index, seqno) pair is never reused.

> I had a really hard time understanding this, even with this help.
> Right now, I don't know what key is used for HMAC. I think that the
> expectation is that each peer has a fixed HMAC key, but the contents
> of the packet always change, thereby ensuring that the resulting MAC
> is different for every packet.

That's the general idea, yes. I'm not a cryptographer myself, and I don't
know how original this is.

> I would suggest that a formal analysis would be a good idea.

Yes, we're hoping to do that. If you could point us to examples of papers
that contain a proof of correctness of a cryptographic protocol that you
believe is well done, that'd be helpful.

-- Juliusz

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
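The fixed-key HMAC with a changing (index, seqno) discussed above, as an added example that is not part of the thread or of the protocol being discussed: the receiver remembers the last accepted (index, seqno) per peer so a tag is never accepted twice, and a packet under an unknown index is accepted only as the reply to a challenge nonce it issued. The packet layout (16-byte index, 32-bit seqno), the challenge-reply format (body equal to the nonce) and the shared key are assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo key; the assumption from the thread is one fixed HMAC key per peer.
KEY = b"constructed-shared-key-for-demo-only"


def mac_packet(key, index, seqno, body):
    """Tag = HMAC-SHA256 over (index, seqno, body).
    Assumed layout: 16-byte index followed by a big-endian 32-bit seqno, then the body."""
    return hmac.new(key, struct.pack(">16sI", index, seqno) + body, hashlib.sha256).digest()


class Receiver:
    """Accepts a packet only if its tag verifies and its (index, seqno) has not been used."""

    def __init__(self, key):
        self.key = key
        self.state = {}   # peer -> (index, last accepted seqno) once the peer's index is known
        self.nonces = {}  # peer -> outstanding challenge nonce

    def challenge(self, peer):
        # The receiver does not know (or no longer trusts) the peer's index: issue a fresh nonce.
        self.nonces[peer] = os.urandom(16)
        return self.nonces[peer]

    def accept(self, peer, index, seqno, body, tag):
        if not hmac.compare_digest(mac_packet(self.key, index, seqno, body), tag):
            return "bad-mac"
        known = self.state.get(peer)
        if known is None or known[0] != index:
            # Unknown index: only a reply carrying our outstanding nonce rebuilds the state
            # (assumed reply format: body is exactly the nonce). The nonce is single-use,
            # so a replayed challenge reply cannot re-establish state.
            nonce = self.nonces.pop(peer, None)
            if nonce is None or not hmac.compare_digest(nonce, body):
                return "unknown-index"
        elif seqno <= known[1]:
            return "replay"  # this (index, seqno) was already used, or is older than one we saw
        self.state[peer] = (index, seqno)
        return "ok"
```

Sequence-number wraparound and persisting the index across a restart are not handled here.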