On Tue, Dec 29, 2015 at 10:10:47PM +0200, Karthikeyan Bhargavan wrote: > As mentioned before, validating Curve25519 public values is necessary in TLS > 1.2 without session hash. > Otherwise, as we pointed out in [1], the triple handshake attack returns.
Would it make sense to have session hash as a requirement in TLS 1.2 when you want to use Curve25519? Kurt _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls