On Mon, Oct 12, 2015 at 08:04:37AM -0700, Eric Rescorla wrote:
> On Mon, Oct 12, 2015 at 7:58 AM, Ilari Liusvaara
> wrote:
> >
> > 1) It seems to me that if server key is compromised, MITM can
> > substitute 0-RTT data with its own (at least if original and modified
> > one have the same number of
On Mon, Oct 12, 2015 at 7:58 AM, Ilari Liusvaara
wrote:
> On Mon, Oct 12, 2015 at 04:48:08AM -0700, Eric Rescorla wrote:
> > On Mon, Oct 12, 2015 at 4:40 AM, Hubert Kario wrote:
> >
> > > aren't we still missing the 0-RTT mode?
> >
> > It's in the current draft though there are a few details tha
On Mon, Oct 12, 2015 at 04:48:08AM -0700, Eric Rescorla wrote:
> On Mon, Oct 12, 2015 at 4:40 AM, Hubert Kario wrote:
>
> > aren't we still missing the 0-RTT mode?
>
> It's in the current draft though there are a few details that we're
> going to need to nail down over the next few weeks and in
On Mon, Oct 12, 2015 at 4:40 AM, Hubert Kario wrote:
> On Thursday 08 October 2015 22:20:42 Stephen Farrell wrote:
> > Hiya,
> >
> > First, thanks all for all your ongoing work on TLS1.3. I'm sure we're
> > all aware that this is important stuff that needs to be, and is being,
> > done carefully
On Thursday 08 October 2015 22:20:42 Stephen Farrell wrote:
> Hiya,
>
> First, thanks all for all your ongoing work on TLS1.3. I'm sure we're
> all aware that this is important stuff that needs to be, and is being,
> done carefully with due attention to security analysis.
>
> Early in the process
