On Aug 25, 2015 7:42 AM, "Viktor Dukhovni" wrote:
> SSH now has ciphersuites where the payload length is encrypted,
> IIRC via a key that is different from the payload key.
Yeah, I'm not that enthusiastic about that feature, but if you want more
complexity, it is possible. The authentication prope
On Aug 25, 2015 7:26 AM, "Kyle Rose" wrote:
>
> >> uint16 length = TLSPlaintext.length;
> >
> > You can't recover the plaintext without knowing how long it is. This
> > part at a minimum needs to be in the clear. At which point you need
> > it to be based on TLSCiphertext.length
>
> Is t
On Tue, Aug 25, 2015 at 10:26:24AM -0400, Kyle Rose wrote:
> (I am not claiming anything about the purity of this approach, only
> that it is technically feasible.)
SSH now has ciphersuites where the payload length is encrypted,
IIRC via a key that is different from the payload key.
--
>> uint16 length = TLSPlaintext.length;
>
> You can't recover the plaintext without knowing how long it is. This
> part at a minimum needs to be in the clear. At which point you need
> it to be based on TLSCiphertext.length
Is that really true? You could decrypt the first block/few bytes
> On Aug 25, 2015, at 2:22 AM, Tom Ritter wrote:
>
> On 22 August 2015 at 19:28, Dave Garrett wrote:
>> Toggling solves the undesired bandwidth use concern stated by Tom by making
>> it fully optional on both sides. The even simpler route of just having to
>> check if there's bytes in the enc
Hi
a working solution fot TLS 1.0,1.1, 1.2, DTLS 1.0, 1.2 is to encrypt
the client certificat with an extra key computed from the master
secret
see
https://tools.ietf.org/html/draft-urien-badra-eap-tls-identity-protection-01
Rgs
Pascal
2015-08-24 22:56 UTC+02:00, Viktor S. Wold Eide :
> Hi,
>
On 24 August 2015 at 21:04, Dave Garrett wrote:
> uint16 length = TLSPlaintext.length;
You can't recover the plaintext without knowing how long it is. This
part at a minimum needs to be in the clear. At which point you need
it to be based on TLSCiphertext.length
___
