On Wed, Jan 04, 2017 at 03:48:25PM -0600, Benjamin Kaduk wrote:
> On 01/03/2017 10:38 PM, Martin Thomson wrote:
>
>
>
> When a server has valid credentials for multiple server names, and at
> least one of those names could also be served by valid credentials o
On 01/03/2017 10:38 PM, Martin Thomson wrote:
> On 4 January 2017 at 15:29, Ilari Liusvaara wrote:
>>> Naively, if s1 and s2 share cert and private key, and ignore the SNI, it
>>> seems like redirecting a full handshake would work. But I didn't think
>>> about it very hard.
>> Actually, I think i
On 4 January 2017 at 15:29, Ilari Liusvaara wrote:
>> Naively, if s1 and s2 share cert and private key, and ignore the SNI, it
>> seems like redirecting a full handshake would work. But I didn't think
>> about it very hard.
>
> Actually, I think it would work if you merely have cross-valid
> sele
On Tue, Jan 03, 2017 at 06:14:23PM -0600, Benjamin Kaduk wrote:
> On 12/30/2016 06:44 AM, Ilari Liusvaara wrote:
> > On Thu, Dec 29, 2016 at 02:45:53PM -0800, Adam Langley wrote:
> >>
> >> An attacker could redirect a 0-RTT handshake that was destined to S1
> >> and feed it to S2. If S2 ignores the
On 12/30/2016 06:44 AM, Ilari Liusvaara wrote:
> On Thu, Dec 29, 2016 at 02:45:53PM -0800, Adam Langley wrote:
>>
>> An attacker could redirect a 0-RTT handshake that was destined to S1
>> and feed it to S2. If S2 ignores the SNI value (common) it could
>> accept and process the 0-RTT data even tho
On 30/12/16 19:41, Bill Frantz wrote:
> On 12/30/16 at 8:17 AM, stephen.farr...@cs.tcd.ie (Stephen Farrell) wrote:
>
>> Fair enough. I didn't read enough text to get that clearly
>> I guess, which is my fault:-)
>
> If you didn't read enough, is this a mistake that implementers are likely to
On 12/30/16 at 8:17 AM, stephen.farr...@cs.tcd.ie (Stephen Farrell) wrote:
> Fair enough. I didn't read enough text to get that clearly
> I guess, which is my fault:-)
If you didn't read enough, is this a mistake that implementers are likely to
make?
Cheers - Bill
On Fri, Dec 30, 2016 at 9:21 AM, Ilari Liusvaara
wrote:
> On Fri, Dec 30, 2016 at 08:14:57AM -0800, Eric Rescorla wrote:
> > On Fri, Dec 30, 2016 at 6:43 AM, Stephen Farrell <
> stephen.farr...@cs.tcd.ie>
> > wrote:
> > >
> > > What I'm wondering is if we're maybe missing a server-side check
> >
On Fri, Dec 30, 2016 at 08:14:57AM -0800, Eric Rescorla wrote:
> On Fri, Dec 30, 2016 at 6:43 AM, Stephen Farrell
> wrote:
> >
> > What I'm wondering is if we're maybe missing a server-side check
> > on that, with the possible attempted attack of a 0rtt replay in
> > mind. E.g. a MUST check for th
On 30/12/16 16:14, Eric Rescorla wrote:
> On Fri, Dec 30, 2016 at 6:43 AM, Stephen Farrell
> wrote:
>
>>
>> Hiya,
>>
>> On 29/12/16 19:08, Eric Rescorla wrote:
>>> On Thu, Dec 29, 2016 at 10:50 AM, Stephen Farrell <
>> stephen.farr...@cs.tcd.ie
wrote:
>>>
On 29/12/16 18:38,
On Fri, Dec 30, 2016 at 6:43 AM, Stephen Farrell
wrote:
>
> Hiya,
>
> On 29/12/16 19:08, Eric Rescorla wrote:
> > On Thu, Dec 29, 2016 at 10:50 AM, Stephen Farrell <
> stephen.farr...@cs.tcd.ie
> >> wrote:
> >
> >>
> >>
> >> On 29/12/16 18:38, Eric Rescorla wrote:
> >>> On Thu, Dec 29, 2016 at 10
Hiya,
On 29/12/16 19:08, Eric Rescorla wrote:
> On Thu, Dec 29, 2016 at 10:50 AM, Stephen Farrell wrote:
>
>>
>>
>> On 29/12/16 18:38, Eric Rescorla wrote:
>>> On Thu, Dec 29, 2016 at 10:15 AM, Stephen Farrell <
>> stephen.farr...@cs.tcd.ie
wrote:
>>>
Hiya,
On 29/12/16
On Thu, Dec 29, 2016 at 1:50 PM, Stephen Farrell
wrote:
>
>
> On 29/12/16 18:38, Eric Rescorla wrote:
> > On Thu, Dec 29, 2016 at 10:15 AM, Stephen Farrell <
> stephen.farr...@cs.tcd.ie
> >> wrote:
> >
> >>
> >> Hiya,
> >>
> >> On 29/12/16 17:37, Adam Langley wrote:
> >>> https://github.com/tlswg
On Thu, Dec 29, 2016 at 02:45:53PM -0800, Adam Langley wrote:
> On Thu, Dec 29, 2016 at 11:08 AM, Eric Rescorla wrote:
> >> >> As an individual, I'd be in favour of this change but reading
> >> >> over [1], section 5, I wondered if we'd analysed the effects of
> >> >> 0rtt/replayable-data with tha
On Thu, Dec 29, 2016 at 11:08 AM, Eric Rescorla wrote:
>> >> As an individual, I'd be in favour of this change but reading
>> >> over [1], section 5, I wondered if we'd analysed the effects of
>> >> 0rtt/replayable-data with that kind of cross-domain re-use in mind?
>> >> The situation being where
On Thu, Dec 29, 2016 at 10:50 AM, Stephen Farrell wrote:
>
>
> On 29/12/16 18:38, Eric Rescorla wrote:
> > On Thu, Dec 29, 2016 at 10:15 AM, Stephen Farrell <
> stephen.farr...@cs.tcd.ie
> >> wrote:
> >
> >>
> >> Hiya,
> >>
> >> On 29/12/16 17:37, Adam Langley wrote:
> >>> https://github.com/tlsw
On 29/12/16 18:38, Eric Rescorla wrote:
> On Thu, Dec 29, 2016 at 10:15 AM, Stephen Farrell wrote:
>
>>
>> Hiya,
>>
>> On 29/12/16 17:37, Adam Langley wrote:
>>> https://github.com/tlswg/tls13-spec/pull/840 is a pull request that
>>> specifies that (EC)DH values must be fresh for both parties
17 matches