Re: [TLS] Remove EncryptedExtensions from 0-RTT

2016-06-26 Thread Martin Thomson
On 27 June 2016 at 02:34, Ilari Liusvaara wrote:
> That's the reason it is XOR'd currently, but the XOR probably will
> be changed to ADD32 to break correlation-to-parent (which is really
> nasty privacy-wise) in case of ticket reuse.

Let's not make that probably.  I've updated the PR.

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
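The obfuscation being discussed is the 0-RTT ticket age that the client reports in its PSK identity. The added example below (not code from the thread, the PR, or any TLS implementation) shows the mod-2^32 addition scheme that TLS 1.3 (RFC 8446, section 4.2.11.1) ended up with as obfuscated_ticket_age, together with the server-side freshness check that recovers the age and rejects stale ClientHellos. It does not model the XOR-vs-ADD correlation argument itself; the function names, the tolerance window and the sample ticket_age_add values are constructed for illustration.

```python
# Added example: TLS 1.3 obfuscated_ticket_age (RFC 8446 section 4.2.11.1).
# The client adds the per-ticket random ticket_age_add (sent by the server in
# NewSessionTicket) to the ticket's age in milliseconds, modulo 2^32. The
# server subtracts it back and checks the result against its own clock.
# Function names, tolerance and sample values are constructed for illustration.

MASK32 = 0xFFFFFFFF


def obfuscate_ticket_age(ticket_age_ms: int, ticket_age_add: int) -> int:
    """Client side: (age_ms + ticket_age_add) mod 2^32."""
    return (ticket_age_ms + ticket_age_add) & MASK32


def recover_ticket_age(obfuscated_ticket_age: int, ticket_age_add: int) -> int:
    """Server side: undo the addition modulo 2^32 (wrap-around safe)."""
    return (obfuscated_ticket_age - ticket_age_add) & MASK32


def ticket_age_is_fresh(obfuscated_ticket_age: int, ticket_age_add: int,
                        server_measured_age_ms: int,
                        tolerance_ms: int = 10_000) -> bool:
    """Server side freshness check for 0-RTT.

    The server knows when it issued the ticket, so it can measure the real
    age itself. If the age the client claims differs from that by more than
    the tolerance, the ClientHello is stale (or replayed) and early data
    should be rejected. The tolerance absorbs clock skew and network delay;
    10 s is a constructed value, not a number from the spec.
    """
    claimed_age_ms = recover_ticket_age(obfuscated_ticket_age, ticket_age_add)
    return abs(claimed_age_ms - server_measured_age_ms) <= tolerance_ms


if __name__ == "__main__":
    # Constructed ticket_age_add close to 2^32 so the addition wraps.
    add = 0xFFFFFF00
    obf = obfuscate_ticket_age(1000, add)
    print(f"obfuscated={obf} recovered={recover_ticket_age(obf, add)}")
    print("fresh:", ticket_age_is_fresh(obf, add, server_measured_age_ms=1200))
    print("stale:", ticket_age_is_fresh(obf, add, server_measured_age_ms=60_000))
```

The wrap-around case matters in practice: ticket_age_add is a full 32-bit value, so a naive subtraction without the mask yields a negative age and a wrongly rejected (or, worse, wrongly accepted) ticket.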


Re: [TLS] Updated TLS-LTS draft posted

2016-06-26 Thread Joseph Lorenzo Hall
https://www.ietf.org/rfcdiff?url1=draft-gutmann-tls-lts-03=draft-gutmann-tls-lts-04

On Sun, Jun 26, 2016 at 9:13 AM, Peter Gutmann wrote:
> I've just posted the latest draft, as per Russ' comments and Hubert Kario's
> suggestion this removes any mention of the term "profile" from the text, it's
> now called an update.  It also clarifies some issues that were encountered
> during testing, for example what happens during a rehandshake and how
> signalling of LTS vs. extended master secret and encrypt-then-MAC are handled.
>
> There's also an open question as to what should happen when a suite with e.g.
> SHA-512 is negotiated.  The LTS mandatory suites all use SHA-256, but it's
> possible to negotiate a suite with SHA-512 while still using LTS.  Presumably
> this means the hash size will change to 64 bytes rather than 32.
>
> Finally, there's now an LTS test server available for interop testing,
> temporarily using the next free extension value 26 until a value is
> permanently assigned for LTS use, see the draft for details.
>
> Peter.



-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: j...@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
