On Thu, Oct 10, 2013 at 3:32 PM, John Kelsey <crypto....@gmail.com> wrote: > The goal is to have an inner protocol which can run inside TLS or some > similar thing [...] > > Suppose we have this inner protocol running inside a TLS version that is > subject to one of the CBC padding reaction attacks. The inner protocol > completely blocks that.
If you can design an "inner protocol" to resist such attacks - which you can, easily - why wouldn't you just design the "outer protocol" the same way? Trevor _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography