On 08/26/2015 11:42 PM, Dave Garrett wrote:
> On Wednesday, August 26, 2015 05:11:01 pm Joseph Salowey wrote:
>> It looks like we have good consensus on PR 169 to relax certificate list
>> ordering requirements. I had one question on the revised text. I'm
>> unclear on the final clause in this se
Hi all,
I thank everyone who took time to think about the issue.
The tone of my message below asked for a discussion of "allowed"/optional
support for DSA with key size of 2K or bigger. So there would not be a required
support for it.
There is a number of validated DSA implementations out t
On Mon, 31 Aug 2015 12:13:09 +
"Dang, Quynh" wrote:
> TLSs are used in more places than just
> public servers and common browsers. For the people who use DSA in
> TLSs, it would be nice if they could run TLS 1.3 with DSA if they
> choose to do so.
I think we all know that TLS is more than br
On 08/31/2015 05:54 PM, Martin Thomson wrote:
> On 31 August 2015 at 05:02, Florian Weimer wrote:
>> MUST NOT automatically complete incomplete chains
>
> Um, no. I realize that this is a feature that is hard for others to
> replicate, but being able to reach sites is important to people. All
>
> On Aug 31, 2015, at 6:56 PM, Florian Weimer wrote:
>
> On 08/31/2015 05:54 PM, Martin Thomson wrote:
>> On 31 August 2015 at 05:02, Florian Weimer wrote:
>>> MUST NOT automatically complete incomplete chains
>>
>> Um, no. I realize that this is a feature that is hard for others to
>> replic
On Fri, Aug 28, 2015 at 06:33:17PM +, Viktor Dukhovni wrote:
> On Fri, Aug 28, 2015 at 11:07:02AM -0700, Martin Thomson wrote:
> Furthermore, anon-DH has strong privacy properties, the server
> sends no identity information, not even a public key. Any
> channel-binding at the next layer is pri
On Mon, Aug 31, 2015 at 9:13 AM, Nico Williams
wrote:
> On Fri, Aug 28, 2015 at 06:33:17PM +, Viktor Dukhovni wrote:
> > On Fri, Aug 28, 2015 at 11:07:02AM -0700, Martin Thomson wrote:
> > Furthermore, anon-DH has strong privacy properties, the server
> > sends no identity information, not ev
On Mon, Aug 31, 2015 at 09:18:34AM -0700, Eric Rescorla wrote:
> On Mon, Aug 31, 2015 at 9:13 AM, Nico Williams
> wrote:
> > I'm not sure how I feel about this. The idea that we always do a DH key
> > exchange and always have a server signature means we can greatly reduce
> > the number of cipher
On Mon, Aug 31, 2015 at 9:45 AM, Nico Williams
wrote:
> On Mon, Aug 31, 2015 at 09:18:34AM -0700, Eric Rescorla wrote:
> > On Mon, Aug 31, 2015 at 9:13 AM, Nico Williams
> > wrote:
> > > I'm not sure how I feel about this. The idea that we always do a DH
> key
> > > exchange and always have a s
On Mon, Aug 31, 2015 at 09:48:10AM -0700, Eric Rescorla wrote:
> On Mon, Aug 31, 2015 at 9:45 AM, Nico Williams
> wrote:
> > How would we get rid of PSK [without DH]? What would the impact be on
> > IoT devices? Could we have a fake-DH-and-signature PSK scheme to make
> > it easy on IoTs?
>
> I
On Monday, August 31, 2015 08:43:16 am Hanno Böck wrote:
> If you can tell us
> a) who is using DSA
> b) why they think this has an advantage
> we can have a useful discussion.
Not to mention:
c) why they aren't switching to ECDSA
Dave
___
TLS mailing
On 08/28/2015 08:17 PM, Geoffrey Keating wrote:
Jeffrey Walton writes:
Also, if DSA was to be supported, one would need to specify how to
determine the hash function (use of fixed SHA-1 doesn't fly). And
1024-bit prime is too small.
FIPS186-4 (http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.
12 matches
Mail list logo
