On Mon, Jul 29, 2019 at 08:15:44PM -0400, David Benjamin wrote: > Hi all, > > I’ve just uploaded a pair of drafts relating to signatures in TLS 1..3. > https://tools.ietf.org/html/draft-davidben-tls13-pkcs1-00 > https://tools.ietf.org/html/draft-davidben-tls-batch-signing-00 > > The second describes a batch signing mechanism for TLS using Merkle trees. > It allows TLS clients and servers to better handle signing load. I think it > could be beneficial for a number of DoS and remote key scenarios.
Why is the context string same for clients and servers? The base TLS 1.3 signatures use different context strings for client and server. What is the hash length of SHAKE256 in Ed448_batch? 512 bits (64 octets) required to saturate the collision resistance? "to a random byte of string of" in section 3.1, should that be "to a random byte string of"? -Ilari _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
