On Sun, 3 Mar 2024, at 23:02, Alan DeKok wrote:
>> My proposal would be to just use a dummy (marked optional) Outer-TLV that
>> would be ignored by the other end to avoid this problem; sort of like
>> GREASE...but to fix an insecurity instead.
>
> I think that changes existing implementations.
On Mar 3, 2024, at 2:05 PM, Alexander Clouter wrote:
> Took me a moment to figure out what David was pointing to but I think you are
> incorrect.
>
> In Section 5.3 (Computing the Compound MAC), you are calculating the MAC
> through blind concatenation and there is no machinery in there to di
On Sun, 3 Mar 2024, at 15:52, Alan DeKok wrote:
>> If not, then in theory a MITM might be able to remove the last
>> server-to-peer outer TLV and prepend it to the peer-to-server TLVs, or vice
>> versa, and the MAC would be the same. However, each side knows which outer
>> TLVs
>> it sent before t
On Sat, 2 Mar 2024, at 18:20, David Mandelberg wrote:
>> Maybe a TEAPv2 could use ALPN for the TLS jacket to avoid this..erk, I think
>> I may have suggested something that could be retro fitted here without
>> impacting existing implementations; assuming they would just ignore the ALPN.
>
> ALPN
On Mar 1, 2024, at 10:21 PM, David Mandelberg via Datatracker
wrote:
>
> (nit) If I understand the TEAP version negotiation and Crypto-Binding
> correctly, the negotiated version is not cryptographically verified until
> either (1) after the first inner method is completed or (2) just before the
Op 2024-03-02 om 11:27 schreef Alexander Clouter:
On Sat, 2 Mar 2024, at 03:21, David Mandelberg via Datatracker wrote:
(nit) If I understand the TEAP version negotiation and Crypto-Binding
correctly, the negotiated version is not cryptographically verified until
either (1) after the first inne
On Sat, 2 Mar 2024, at 03:21, David Mandelberg via Datatracker wrote:
>
> (nit) If I understand the TEAP version negotiation and Crypto-Binding
> correctly, the negotiated version is not cryptographically verified until
> either (1) after the first inner method is completed or (2) just before the
>
Reviewer: David Mandelberg
Review result: Has Nits
(nit) If I understand the TEAP version negotiation and Crypto-Binding
correctly, the negotiated version is not cryptographically verified until
either (1) after the first inner method is completed or (2) just before the
final result, if there are
