Re: [TLS] Headerless records (was: padding)

2015-08-25 Thread Martin Thomson
On 24 August 2015 at 21:04, Dave Garrett wrote:
> uint16 length = TLSPlaintext.length;

You can't recover the plaintext without knowing how long it is. This part at a minimum needs to be in the clear. At which point you need it to be based on TLSCiphertext.length

Re: [TLS] Privacy considerations - identity hiding from eavesdropping in (D)TLS

2015-08-25 Thread Pascal Urien
Hi

a working solution for TLS 1.0, 1.1, 1.2, DTLS 1.0, 1.2 is to encrypt the client certificate with an extra key computed from the master secret, see https://tools.ietf.org/html/draft-urien-badra-eap-tls-identity-protection-01

Rgs
Pascal

2015-08-24 22:56 UTC+02:00, Viktor S. Wold Eide :
> Hi,
>

Re: [TLS] padding

2015-08-25 Thread Yoav Nir
> On Aug 25, 2015, at 2:22 AM, Tom Ritter wrote:
>
> On 22 August 2015 at 19:28, Dave Garrett wrote:
>> Toggling solves the undesired bandwidth use concern stated by Tom by making
>> it fully optional on both sides. The even simpler route of just having to
>> check if there's bytes in the enc

Re: [TLS] Headerless records (was: padding)

2015-08-25 Thread Kyle Rose
>> uint16 length = TLSPlaintext.length;
>
> You can't recover the plaintext without knowing how long it is. This
> part at a minimum needs to be in the clear. At which point you need
> it to be based on TLSCiphertext.length

Is that really true? You could decrypt the first block/few bytes

Re: [TLS] Headerless records (was: padding)

2015-08-25 Thread Viktor Dukhovni
On Tue, Aug 25, 2015 at 10:26:24AM -0400, Kyle Rose wrote:
> (I am not claiming anything about the purity of this approach, only
> that it is technically feasible.)

SSH now has ciphersuites where the payload length is encrypted, IIRC via a key that is different from the payload key.

Re: [TLS] Headerless records (was: padding)

2015-08-25 Thread Martin Thomson
On Aug 25, 2015 7:26 AM, "Kyle Rose" wrote:
>
> >> uint16 length = TLSPlaintext.length;
> >
> > You can't recover the plaintext without knowing how long it is. This
> > part at a minimum needs to be in the clear. At which point you need
> > it to be based on TLSCiphertext.length
>
> Is t

Re: [TLS] Headerless records (was: padding)

2015-08-25 Thread Martin Thomson
On Aug 25, 2015 7:42 AM, "Viktor Dukhovni" wrote:
> SSH now has ciphersuites where the payload length is encrypted,
> IIRC via a key that is different from the payload key.

Yeah, I'm not that enthusiastic about that feature, but if you want more complexity, it is possible. The authentication prope