Re: [TLS] Hybrid key exchange in TLS 1.3 and variable-length secrets

2020-10-14 Thread Douglas Stebila
I've pushed an update with fixed-length public keys here: https://github.com/dstebila/draft-ietf-tls-hybrid-design/pull/4
I'll wait for any feedback over the next couple of days then publish a revised ID.
Douglas
On Sun, Oct 11, 2020 at 2:01 PM Benjamin Kaduk wrote:
>
> Might as well publish a

Re: [TLS] Hybrid key exchange in TLS 1.3 and variable-length secrets

2020-10-11 Thread Benjamin Kaduk
Might as well publish a new revision of the I-D in the datatracker, too, since the current one is approaching its expiry.
-Ben
On Fri, Sep 25, 2020 at 10:16:01AM -0400, Douglas Stebila wrote:
> Thanks! I've merged it in.
>
> On Fri, Sep 25, 2020 at 4:48 AM Nimrod Aviram wrote:
> >
> > Thanks!

Re: [TLS] Hybrid key exchange in TLS 1.3 and variable-length secrets

2020-09-25 Thread Douglas Stebila
Thanks! I've merged it in.
On Fri, Sep 25, 2020 at 4:48 AM Nimrod Aviram wrote:
>
> Thanks!
> The PR is here, happy to hear comments and corrections:
> https://github.com/dstebila/draft-ietf-tls-hybrid-design/pull/1
>
> best,
> Nimrod
>
>
> On Fri, 18 Sep 2020 at 12:04, Nimrod Aviram wrote:
>>

Re: [TLS] Hybrid key exchange in TLS 1.3 and variable-length secrets

2020-09-25 Thread Nimrod Aviram
Thanks!
The PR is here, happy to hear comments and corrections: https://github.com/dstebila/draft-ietf-tls-hybrid-design/pull/1
best,
Nimrod
On Fri, 18 Sep 2020 at 12:04, Nimrod Aviram wrote:
> Sounds good to me.
> I'm happy to send a PR making these changes, but couldn't find the
> repository

Re: [TLS] Hybrid key exchange in TLS 1.3 and variable-length secrets

2020-09-18 Thread Nimrod Aviram
Sounds good to me. I'm happy to send a PR making these changes, but couldn't find the repository for the document. Could you please point me to it?
best,
Nimrod
On Thu, 17 Sep 2020 at 17:12, Douglas Stebila wrote:
> Given that all the finalists and alternate candidates have fixed
> length shar

Re: [TLS] Hybrid key exchange in TLS 1.3 and variable-length secrets

2020-09-17 Thread Douglas Stebila
Given that all the finalists and alternate candidates have fixed length shared secrets, and your observations on the potential for timing attacks, I'm fine with dealing with only fixed length secrets, removing the paragraph discussing the possibility for variable-length shared secrets from the TLS

Re: [TLS] Hybrid key exchange in TLS 1.3 and variable-length secrets

2020-09-16 Thread Ilari Liusvaara
On Wed, Sep 16, 2020 at 07:26:56PM +0300, Nimrod Aviram wrote:
>
> We also note that a related RFC exists, "Hybrid Post-Quantum Key
> Encapsulation Methods (PQ KEM) for Transport Layer Security 1.2"
> [4]. However, that RFC apparently only uses BIKE, Kyber or SIKE as the
> PQ KEM. To our knowledge

Re: [TLS] Hybrid key exchange in TLS 1.3 and variable-length secrets

2020-09-16 Thread David Benjamin
On Wed, Sep 16, 2020 at 12:47 PM David Benjamin wrote:
> "Variable-length" and "secret" don't really go together in the same
> sentence, as your work demonstrates. I would actually go further and strike
> that text altogether. I don't think it needs to be an open question. That
> lets us stick wi

Re: [TLS] Hybrid key exchange in TLS 1.3 and variable-length secrets

2020-09-16 Thread David Benjamin
"Variable-length" and "secret" don't really go together in the same sentence, as your work demonstrates. I would actually go further and strike that text altogether. I don't think it needs to be an open question. That lets us stick with a simple construction. While the public values aren't secret

[TLS] Hybrid key exchange in TLS 1.3 and variable-length secrets

2020-09-16 Thread Nimrod Aviram
Dear all, We are writing to ask about the possible security impact of variable-length secrets on the "Hybrid key exchange in TLS 1.3" RFC [1]. As you probably know, when using key material of variable length and processing this material using hash functions, a timing side channel may arise. In br