Yaron Sheffer wrote: >> >> I'm surprised not to see some mention of Heartbleed in Section 2.13. > > Good idea.
Hmm. Yes, that was quite serious. But there have been an abundance of implementation flaws. What do we add and what do we omit from the document? Examples: https://eprint.iacr.org/2011/232.pdf http://www.win.tue.nl/hashclash/rogue-ca/ http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf https://www2.dcsec.uni-hannover.de/files/fc14_unused_cas.pdf https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf ... Aaron
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
