Hey David,
On 2016-07-19 11:58, David McGrew wrote:
Hi Atul,
On Jul 19, 2016, at 2:26 AM, Atul Luykx
wrote:
What is especially cool about counter mode encryption is how its real
world security degrades more gracefully than CBC mode encryption. I
am not sure that the FSE paper did a good j
Hi Atul,
> On Jul 19, 2016, at 2:26 AM, Atul Luykx wrote:
>
>> What is especially cool about counter mode encryption is how its real
>> world security degrades more gracefully than CBC mode encryption. I
>> am not sure that the FSE paper did a good job of saying it in English
>> as opposed to m
Hi Peter,
> On Jul 19, 2016, at 2:58 AM, Peter Gutmann wrote:
>
> David McGrew writes:
>
>> What is especially cool about counter mode encryption is how its real world
>> security degrades more gracefully than CBC mode encryption.
>
> Uhh... how does CTR "degrade gracefully" compared to CBC?
David McGrew writes:
>What is especially cool about counter mode encryption is how its real world
>security degrades more gracefully than CBC mode encryption.
Uhh... how does CTR "degrade gracefully" compared to CBC? With CTR, any kind
of problem with the IV/CTR leads to a catastrophic loss of
er...@rhul.ac.uk]
Sent: Tuesday, July 12, 2016 1:17 PM
To: Dang, Quynh (Fed); Scott Fluhrer (sfluhrer); Eric Rescorla;
tls@ietf.org
Subject: Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt
Hi
On 12/07/2016 18:04, "Dang, Quynh (Fed)"
wrote:
Hi Kenny,
On 7/12/16, 12:33 PM, "Pate
;
>>>>> The probabilities we calculated guarantee that there won't be any
>>>>> attacks (with the usual assumptions...). Beyond the bounds, there are
>>>>> no
>>>>> guarantees. In particular, you cannot conclude that one, for example,
>>&
Hi
On 13/07/2016 11:55, "Dang, Quynh (Fed)" wrote:
>Good morning Kenny,
>
>On 7/12/16, 3:03 PM, "Paterson, Kenny" wrote:
>
>>Hi,
>>Could you define "safe", please? Safe for what? For whom?
>>
>>Again, why are you choosing 2^-32 for your security bound? Why not 2^-40
>>or even 2^-24? What's y
usual assumptions...). Beyond the bounds, there are
>>>>no
>>>> guarantees. In particular, you cannot conclude that one, for example,
>>>> loses 1 bit of security once beyond the birthday bound.
>>>
>>>
>>> How can one use the distingu
e context of TLS
>> ?
>>
>>
>> Regards,
>> Quynh.
>>
>>
>>
>>
>>>
>>> Atul
>>>
>>> On 2016-07-12 20:06, Scott Fluhrer (sfluhrer) wrote:
>>>>>
>>>>> -Original Message-
>>
ietf.org
Subject: Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt
Hi
On 12/07/2016 18:04, "Dang, Quynh (Fed)"
wrote:
>Hi Kenny,
>
>On 7/12/16, 12:33 PM, "Paterson, Kenny"
wrote:
>
>>Finally, you write "to come to the 2^38 record limit, they assume
tha
On Tuesday 12 July 2016 15:31:21 Benjamin Kaduk wrote:
> >> ### Encrypted Extensions
> >>
> >> The same extension types MUST NOT appear in both the ServerHello and
> >> EncryptedExtensions. If the same extension appears in both locations,
> >> the client MUST rely only on the value in the Encrypt
, Scott Fluhrer (sfluhrer) wrote:
>>> -Original Message-
>>> From: Paterson, Kenny [mailto:kenny.pater...@rhul.ac.uk]
>>> Sent: Tuesday, July 12, 2016 1:17 PM
>>> To: Dang, Quynh (Fed); Scott Fluhrer (sfluhrer); Eric Rescorla;
>>> tls@ietf.org
>>> Su
Hi Kenny,
On 7/12/16, 3:03 PM, "Paterson, Kenny" wrote:
>Hi,
>
>> On 12 Jul 2016, at 18:56, Dang, Quynh (Fed) wrote:
>>
>> Hi Kenny,
>>
>>> On 7/12/16, 1:39 PM, "Paterson, Kenny"
>>>wrote:
>>>
>>> Hi
>>>
On 12/07/2016 18:12, "Dang, Quynh (Fed)" wrote:
Hi Kenny,
>>
Good morning Kenny,
On 7/12/16, 3:03 PM, "Paterson, Kenny" wrote:
>Hi,
>
>> On 12 Jul 2016, at 18:56, Dang, Quynh (Fed) wrote:
>>
>> Hi Kenny,
>>
>>> On 7/12/16, 1:39 PM, "Paterson, Kenny"
>>>wrote:
>>>
>>> Hi
>>>
On 12/07/2016 18:12, "Dang, Quynh (Fed)" wrote:
Hi Kenny,
On 07/12/2016 04:07 PM, Ilari Liusvaara wrote:
> On Tue, Jul 12, 2016 at 03:31:21PM -0500, Benjamin Kaduk wrote:
>> On 07/11/2016 11:16 PM, Ilari Liusvaara wrote:
>>
>> Requiring filtering would prevent the client from learning when the
>> server supports new schemes, but having the server not filt
On Tue, Jul 12, 2016 at 1:31 PM, Benjamin Kaduk wrote:
> On 07/11/2016 11:16 PM, Ilari Liusvaara wrote:
> > On Mon, Jul 11, 2016 at 12:08:00PM -0700, Eric Rescorla wrote:
> >> Folks,
> >>
> >> I've just submitted draft-ietf-tls-tls13-14.txt and it should
> >> show up on the draft repository short
On Tue, Jul 12, 2016 at 03:31:21PM -0500, Benjamin Kaduk wrote:
> On 07/11/2016 11:16 PM, Ilari Liusvaara wrote:
> > Isn't this the true ciphersuite used on this connection, "resumption"
> > or not? Otherwise you can get into all sorts of crazy situations that
> > WILL be sources of implementation
On 07/11/2016 11:16 PM, Ilari Liusvaara wrote:
> On Mon, Jul 11, 2016 at 12:08:00PM -0700, Eric Rescorla wrote:
>> Folks,
>>
>> I've just submitted draft-ietf-tls-tls13-14.txt and it should
>> show up on the draft repository shortly. In the meantime you
>> can find the editor's copy in the usual lo
ssage-
From: Paterson, Kenny [mailto:kenny.pater...@rhul.ac.uk]
Sent: Tuesday, July 12, 2016 1:17 PM
To: Dang, Quynh (Fed); Scott Fluhrer (sfluhrer); Eric Rescorla;
tls@ietf.org
Subject: Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt
Hi
On 12/07/2016 18:04, "Dang, Quynh (Fed)" wr
> record is the maximum 2^14 bytes. Of course, at a 1Gbps rate, it'd take
>>> over a year to encrypt that much data...
>>>
>>>> -Original Message-
>>>> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dang, Quynh (Fed)
>>>>
Hi,
> On 12 Jul 2016, at 18:56, Dang, Quynh (Fed) wrote:
>
> Hi Kenny,
>
>> On 7/12/16, 1:39 PM, "Paterson, Kenny" wrote:
>>
>> Hi
>>
>>> On 12/07/2016 18:12, "Dang, Quynh (Fed)" wrote:
>>>
>>> Hi Kenny,
>>>
On 7/12/16, 1:05 PM, "Paterson, Kenny" wrote:
Hi
> O
> From: Paterson, Kenny [mailto:kenny.pater...@rhul.ac.uk]
>> Sent: Tuesday, July 12, 2016 1:17 PM
>> To: Dang, Quynh (Fed); Scott Fluhrer (sfluhrer); Eric Rescorla; tls@ietf.org
>> Subject: Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt
>>
>> Hi
>>
>>
> -Original Message-
> From: Paterson, Kenny [mailto:kenny.pater...@rhul.ac.uk]
> Sent: Tuesday, July 12, 2016 1:17 PM
> To: Dang, Quynh (Fed); Scott Fluhrer (sfluhrer); Eric Rescorla; tls@ietf.org
> Subject: Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt
>
> Hi
the maximum 2^14 bytes. Of course, at a 1Gbps rate, it'd take
>>over a year to encrypt that much data...
>>
>>> -Original Message-
>>> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dang, Quynh (Fed)
>>> Sent: Tuesday, July 12, 2016 11:1
Hi Kenny,
On 7/12/16, 1:39 PM, "Paterson, Kenny" wrote:
>Hi
>
>On 12/07/2016 18:12, "Dang, Quynh (Fed)" wrote:
>
>>Hi Kenny,
>>
>>On 7/12/16, 1:05 PM, "Paterson, Kenny" wrote:
>>
>>>Hi
>>>
>>>On 12/07/2016 16:12, "Dang, Quynh (Fed)" wrote:
>>>
Hi Kenny,
I support the strongest
Hi
On 12/07/2016 18:12, "Dang, Quynh (Fed)" wrote:
>Hi Kenny,
>
>On 7/12/16, 1:05 PM, "Paterson, Kenny" wrote:
>
>>Hi
>>
>>On 12/07/2016 16:12, "Dang, Quynh (Fed)" wrote:
>>
>>>Hi Kenny,
>>>
>>>I support the strongest indistinguishability notion mentioned in (*)
>>>above, but in my opinion we
Hi
On 12/07/2016 18:04, "Dang, Quynh (Fed)" wrote:
>Hi Kenny,
>
>On 7/12/16, 12:33 PM, "Paterson, Kenny" wrote:
>
>>Finally, you write "to come to the 2^38 record limit, they assume that
>>each record is the maximum 2^14 bytes". For clarity, we did not recommend
>>a limit of 2^38 records. That
m, then sends the ciphertext to
>>>>the attacker. After seeing the ciphertext, the attacker has some
>>>>success
>>>>probability of telling which plaintext
>>>> was encrypted and this success probability is in the column called
>>>&g
>the attacker. After seeing the ciphertext, the attacker has some
>>>success
>>>probability of telling which plaintext
>>> was encrypted and this success probability is in the column called
>>>"Attack Success Probability" in Table 1. This attack does not br
...@ietf.org] On Behalf Of Dang, Quynh (Fed)
>>> Sent: Tuesday, July 12, 2016 11:12 AM
>>> To: Paterson, Kenny; Dang, Quynh (Fed); Eric Rescorla; tls@ietf.org
>>> Subject: Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt
>>>
>>> Hi Kenny,
>>>
Of Dang, Quynh (Fed)
>> Sent: Tuesday, July 12, 2016 11:12 AM
>> To: Paterson, Kenny; Dang, Quynh (Fed); Eric Rescorla; tls@ietf.org
>> Subject: Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt
>>
>> Hi Kenny,
>>
>> The indistinguishability-based secu
-
> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dang, Quynh (Fed)
> Sent: Tuesday, July 12, 2016 11:12 AM
> To: Paterson, Kenny; Dang, Quynh (Fed); Eric Rescorla; tls@ietf.org
> Subject: Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt
>
> Hi Kenny,
>
> The indistingu
>
>>If the attack above breaks one of security goal(s) of your individual
>>system, then making success probability of that attack at 2^(-32) max is
>>enough. In that case, the Max number of records is around 2^38.
>>
>>
>>
>>
>>Regards,
>>
our individual
>system, then making success probability of that attack at 2^(-32) max is
>enough. In that case, the Max number of records is around 2^38.
>
>
>
>
>Regards,
>Quynh.
>
>
>
>
>
>
>Date: Monday, July 11, 2016 at 3:08 PM
>To: "tls@ietf.o
case, the Max number of records is around 2^38.
Regards,
Quynh.
From: TLS <tls-boun...@ietf.org> on behalf of Eric
Rescorla <e...@rtfm.com>
Date: Monday, July 11, 2016 at 3:08 PM
To: "tls@ietf.org" <tls@ietf.org>
Subject:
case, the Max number of records is around 2^38.
Regards,
Quynh.
Date: Monday, July 11, 2016 at 3:08 PM
To: "tls@ietf.org" <tls@ietf.org>
Subject: [TLS] New draft: draft-ietf-tls-tls13-14.txt
Folks,
I've just submitted draft-ietf-tls-tls1
On Tue, Jul 12, 2016 at 01:52:57AM -0400, Dave Garrett wrote:
> Just replying to a few points.
>
> On Tuesday, July 12, 2016 12:16:24 am Ilari Liusvaara wrote:
> > ### Hello Retry Request
> >
> > > selected_group
> > > : The mutually supported group the server intends to negotiate and
> > > is
Just replying to a few points.
On Tuesday, July 12, 2016 12:16:24 am Ilari Liusvaara wrote:
> ### Hello Retry Request
>
> > selected_group
> > : The mutually supported group the server intends to negotiate and
> > is requesting a retried ClientHello/KeyShare for.
> > {:br }
>
> What is writte
On Mon, Jul 11, 2016 at 12:08:00PM -0700, Eric Rescorla wrote:
> Folks,
>
> I've just submitted draft-ietf-tls-tls13-14.txt and it should
> show up on the draft repository shortly. In the meantime you
> can find the editor's copy in the usual location at:
> As usual, comments welcome.
> -Ekr
Did
Folks,
I've just submitted draft-ietf-tls-tls13-14.txt and it should
show up on the draft repository shortly. In the meantime you
can find the editor's copy in the usual location at:
http://tlswg.github.io/tls13-spec/
The major changes in this document are:
* A big restructure to make it read