This paragraph refers to the anti-downgrade mechanism described in 4.1.3.
-Ekr
On Wed, Nov 9, 2016 at 6:56 AM, Roel Peeters
wrote:
> Hi Dave,
>
> We are wondering because of this piece of text from the RFC EDITOR just
> above paragraph 4.1.4 on Hello Retry Request:
>
> RFC EDITOR: PLEASE REMOV
Hi Dave,
We are wondering because of this piece of text from the RFC EDITOR just above
paragraph 4.1.4 on Hello Retry Request:
RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH Implementations of draft
versions (see Section 4.2.1.1) of this specification SHOULD NOT implement this
mechanism on
On Tue, Nov 8, 2016 at 2:33 PM, Ilari Liusvaara
wrote:
> - Yeah, there have been complaints about lack of state diagram, stating
> that the present ladder diagram is not sufficient.
>
Yeah, I'm taking this point to heart. I've been a bit swamped with
implementation
matters, but I'll get workin
On Tue, Nov 08, 2016 at 03:55:36PM +0100, Roel Peeters wrote:
> Dear all,
>
> just to let you know that we have written a blog post on the current TLS
> 1.3 draft, with our remarks that might be of use in your upcoming meeting.
>
> https://securewww.esat.kuleuven.be/cosic/?p=6624
Some comments:
On Tuesday, November 08, 2016 09:55:36 am Roel Peeters wrote:
> we are also wondering whether or not the Hello Retry Request will be
> included or omitted in the standard. Leaving it out will make TLS 1.3
> vulnerable again to downgrade attacks ...
Why are you wondering about this? HRR is in the s
I let this message through the moderator queue despite the link to the blog;
next time please send your comments directly to the list. Note that I wouldn’t
necessarily expect anybody to pick up your points for you; PRs are welcome
though.
spt
> On Nov 08, 2016, at 20:25, Roel Peeters wrote:
