On Wed, Jul 5, 2017 at 2:14 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
> On 5 July 2017 at 20:35, Eric Rescorla <e...@rtfm.com> wrote: > > Yes, that might not be a terrible idea. I'd also be open to replacing > > the hashes of 0 with an n-byte length 0 string. It's a tiny paper > > cut (and a wire format change), but would make things slightly simpler . > > I think that would be best. With the change to the transcript hash, > the context would then be: > 1. a transcript hash (size = hash function output) > 2. 0 (size = 0) > 3. ticket nonce (size = 1..255) > Yeah, I can do a PR for this. Out of interest, why not permit 0 length ticket nonces for those of us > that don't issue multiple tickets? > That seems fine too. I think that we should take the hit and make the change. > -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls