Re: [TLS] New cipher suites for SRP

2015-07-17 Thread Schmidt, Jörn-Marc
>> - Change the negotiation so that user name is not exchanged in the clear
>> - Change key exchange to do PFS
>TLS-pwd already supports both of these. It also supports ECC too,
>which is problematic with the current SRP protocol.

I agree: Instead of modifying SRP I would prefer introducing a n

Re: [TLS] New cipher suites for SRP

2015-07-17 Thread Geoff Keating
> On 17 Jul 2015, at 1:38 am, Schmidt, Jörn-Marc wrote:
>
>>> - Change the negotiation so that user name is not exchanged in the clear
>>> - Change key exchange to do PFS
>
>> TLS-pwd already supports both of these. It also supports ECC too,
>> which is problematic with the current SRP proto

[TLS] TLS 1.3 - method to request uncached shared secrets

2015-07-17 Thread Dave Garrett
Brian Smith posted an RFE to GitHub a few months ago requesting "A mechanism is needed to indicate that a session will not be resumed": https://github.com/tlswg/tls13-spec/issues/137 The goal is to provide a simple way for either endpoint to request that the master secret be forgotten ASAP to pr

Re: [TLS] TLS 1.3 - method to request uncached shared secrets

2015-07-17 Thread Eric Rescorla
On Fri, Jul 17, 2015 at 9:37 PM, Dave Garrett wrote:
> Brian Smith posted an RFE to GitHub a few months ago requesting "A
> mechanism is needed to indicate that a session will not be resumed":
> https://github.com/tlswg/tls13-spec/issues/137
>
> The goal is to provide a simple way for either endp

Re: [TLS] TLS 1.3 - method to request uncached shared secrets

2015-07-17 Thread Brian Smith
Dave Garrett wrote:
> Brian Smith posted an RFE to GitHub a few months ago requesting "A
> mechanism is needed to indicate that a session will not be resumed":
> https://github.com/tlswg/tls13-spec/issues/137
>
> The goal is to provide a simple way for either endpoint to request that
> the master

Re: [TLS] TLS 1.3 - method to request uncached shared secrets

2015-07-17 Thread Dave Garrett
On Fri, Jul 17, 2015 at 9:37 PM, Dave Garrett wrote:
> Brian Smith posted an RFE to GitHub a few months ago requesting "A
> mechanism is needed to indicate that a session will not be resumed":
> https://github.com/tlswg/tls13-spec/issues/137
[...]
> I've written up a short proposal with idea about