On Wed, Feb 22, 2017 at 05:23:22PM +, David Benjamin wrote:
> Looks like TLS 1.3 already allows this for CT, though not OCSP. Would take
> all of four characters to fix. See this table:
> https://tlswg.github.io/tls13-spec/#rfc.section.4.2
>
> One of the nice things about using TLS-style exten
On Thu, Feb 9, 2017 at 4:15 PM, Eric Rescorla wrote:
> I've just posted a pull request which slightly adjusts the structure of
> key derivation.
> PR#875 adds another Derive-Secret stage to the left side of the key ladder
> between each pair of HKDF-Extracts. There are two reasons for this:
>
> -
https://github.com/tlswg/tls13-spec/pull/880
I knew it was easy to fix, wasn’t sure if folks wanted it. Gives me a reason
to join the contributors list.
Very useful in peer-to-peer situations.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mail
Looks like TLS 1.3 already allows this for CT, though not OCSP. Would take
all of four characters to fix. See this table:
https://tlswg.github.io/tls13-spec/#rfc.section.4.2
One of the nice things about using TLS-style extensions in
CertificateRequest is any ClientHello => (Server)Certificate exte
Any thoughts on being able to staple OCSP (or CT) data to a client cert once
requested by the server?
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
___
TLS mailing list
TLS@ietf.org
https://w
On Wed, Feb 22, 2017 at 08:04:13AM +, Salz, Rich wrote:
> Why not just say
> The CCM cipher suites are not (currently) defined for TLS 1.3
>
> And leave it at that. We're all quite proud of the fact, and
> deservedly so, that we only have three ciphers defined for TLS 1.3.
> Let's try t
> On 22 Feb 2017, at 8:42, Martin Thomson wrote:
>
> On the interaction with TLS 1.3, we probably need a decision to be made:
>
> 1. strike TLS 1.3 from the document and only mention it in the way Joe
> suggests, TLS 1.3 doesn't get the CCM suites (it already has the
> equivalent of the GCM sui
Why not just say
The CCM cipher suites are not (currently) defined for TLS 1.3
And leave it at that. We're all quite proud of the fact, and deservedly so,
that we only have three ciphers defined for TLS 1.3. Let's try to hold that
position as long as possible.
___