Re: [TLS] Key Schedule (PRs #453, #454).

2016-05-20 Thread Eric Rescorla
Merged. On Thu, May 19, 2016 at 10:41 AM, Eric Rescorla wrote: > PR: https://github.com/tlswg/tls13-spec/pull/454 > > I have uploaded a PR [technically two PRs, but one builds on the > other, so easier to just read the composition] which resolves two out > of the three significant remaining cryp

Re: [TLS] Key Schedule (PRs #453, #454).

2016-05-20 Thread Martin Thomson
I also agree, FWIW, but expected that this would be addressed by any changes to 0-RTT and PSK in general. On 20 May 2016 at 09:05, Eric Rescorla wrote: > Thanks for the clarification. Yes, I believe that is true. > > -Ekr > > > On Thu, May 19, 2016 at 11:34 PM, Ilari Liusvaara > wrote: >> >> On

Re: [TLS] Key Schedule (PRs #453, #454).

2016-05-20 Thread Eric Rescorla
Thanks for the clarification. Yes, I believe that is true. -Ekr On Thu, May 19, 2016 at 11:34 PM, Ilari Liusvaara wrote: > On Thu, May 19, 2016 at 02:38:35PM -0700, Eric Rescorla wrote: > > On Thu, May 19, 2016 at 12:35 PM, Ilari Liusvaara < > ilariliusva...@welho.com> > > wrote: > > > > > > I

Re: [TLS] Key Schedule (PRs #453, #454).

2016-05-19 Thread Ilari Liusvaara
On Thu, May 19, 2016 at 02:38:35PM -0700, Eric Rescorla wrote: > On Thu, May 19, 2016 at 12:35 PM, Ilari Liusvaara > wrote: > > > > In very quick'n'dirty security analysis the other thing I noticed was > > that if server handshake needs something to be nonce w.r.t. "SS", (e.g. > > happens in GDHE-

Re: [TLS] Key Schedule (PRs #453, #454).

2016-05-19 Thread Eric Rescorla
Sorry, I think you lost me there. Can you rephrase? -Ekr On Thu, May 19, 2016 at 12:35 PM, Ilari Liusvaara wrote: > On Thu, May 19, 2016 at 12:13:45PM -0700, Eric Rescorla wrote: > > On Thu, May 19, 2016 at 12:11 PM, Ilari Liusvaara < > ilariliusva...@welho.com> > > wrote: > > > > > On Thu, Ma

Re: [TLS] Key Schedule (PRs #453, #454).

2016-05-19 Thread Ilari Liusvaara
On Thu, May 19, 2016 at 12:13:45PM -0700, Eric Rescorla wrote: > On Thu, May 19, 2016 at 12:11 PM, Ilari Liusvaara > wrote: > > > On Thu, May 19, 2016 at 10:41:16AM -0700, Eric Rescorla wrote: > > > > Just one thing to be careful of: If one has off-handshake counter- > > keys[1] (like the now-rem

Re: [TLS] Key Schedule (PRs #453, #454).

2016-05-19 Thread Eric Rescorla
On Thu, May 19, 2016 at 12:11 PM, Ilari Liusvaara wrote: > On Thu, May 19, 2016 at 10:41:16AM -0700, Eric Rescorla wrote: > > > > An additional nice point about this design is that it easily > > accommodates additional keys. For instance, if we had some post-quantum > > key exchange method, we cou

Re: [TLS] Key Schedule (PRs #453, #454).

2016-05-19 Thread Ilari Liusvaara
On Thu, May 19, 2016 at 10:41:16AM -0700, Eric Rescorla wrote: > > An additional nice point about this design is that it easily > accommodates additional keys. For instance, if we had some post-quantum > key exchange method, we could easily add its key in the final > Add-Secret or add an extra Add-

[TLS] Key Schedule (PRs #453, #454).

2016-05-19 Thread Eric Rescorla
PR: https://github.com/tlswg/tls13-spec/pull/454 I have uploaded a PR [technically two PRs, but one builds on the other, so easier to just read the composition] which resolves two out of the three significant remaining crypto issues (the remaining one is the long-running discussion of post-handsha