On Wed, Jan 22, 2020 at 10:33:48PM -0600, Nico Williams wrote:
> On Wed, Jan 22, 2020 at 05:12:34PM -0800, Watson Ladd wrote:
> > > Now the first alternative would be infeasible to adopt because it would
> > > require new OpenSSL callback APIs, and anyways would be a more invasive
> > > change to T
On Wed, Jan 22, 2020 at 05:12:34PM -0800, Watson Ladd wrote:
> > Now the first alternative would be infeasible to adopt because it would
> > require new OpenSSL callback APIs, and anyways would be a more invasive
> > change to TLS than the ticketrequest extension makes.
>
> Nothing says you have t
On Wed, Jan 22, 2020 at 05:12:34PM -0800, Watson Ladd wrote:
> > - either the TLS server says "here's a ticket and you MUST or MAY
> >replace the one you already had"
> >
> >or
> >
> > - the TLS client gets to ask for no unnecessary new tickets
> >
> > Now the first alternative would be
On Wed, Jan 22, 2020 at 4:56 PM Nico Williams wrote:
>
> On Tue, Jan 21, 2020 at 06:19:23PM +, Salz, Rich wrote:
> > Viktor and I spoke in more detail. The use-case he brings up makes
> > more sense to me now. The key observation is that this is not about a
>
> I also spoke to Viktor, and he
On Tue, Jan 21, 2020 at 06:19:23PM +, Salz, Rich wrote:
> Viktor and I spoke in more detail. The use-case he brings up makes
> more sense to me now. The key observation is that this is not about a
I also spoke to Viktor, and he explained the motivation in detail. He
really should have done s
Thank's for the clearification.
Having a document clearly specifying how external PSK could be securely
used is a good idea.
I did not aim at blocking useful work with new features! The root of my
question and my motivation is, that just today, I have received a draft
of an industrial protocol s
Hit Björn,
This DT grew out of discussions related to
draft-ietf-tls-external-psk-importer. Ben (our AD) suggested that we start a
DT to have a standalone document to describe considerations for how to USE the
PSKs to avoid various attacks. The chairs would prefer to keep this DT focused
on
Hi!
The chairs want to determine whether we should ask for the assignments
requested in draft-ietf-tls-subcerts [0][1]. We believe the draft is stable
enough and that there is interest from multiple implementers. Please let the
WG know by 2359 UTC 05 February 2020 whether you disagree with th
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.
Title : Deprecating MD5 and SHA-1 signature hashes in TLS 1.2
Authors : Loganaden Velvindron
