On Tuesday 15 December 2015 20:01:58 Bill Frantz wrote:
> So we have to trade off the risks of too much data vs. the risks
> of a complex rekey protocol vs. the risks having the big data
> applications build new connections every 2**36 or so bytes.
>
> If we don't have rekeying, then the big data
Hi Stephen,
thanks for your review comments.
On 11/20/2015 03:16 PM, Stephen Farrell wrote:
>
> Hiya,
>
> I've requested IETF LC for this one. (Sorry for being slow
> getting to it.) Please treat my comments below along with
> any other last call comments.
>
> - You probably thought about this
Eric Rescorla wrote:
> Sorry, I'm still confused TLS 1.2 uses a specific PRF. TLS 1.3 uses HKDF.
> Are you suggesting TLS 1.2 use the TLS 1.2 PRF with SHA-512 and that
> TLS 1.2 use SHA-512 with HKDF, or something different?
>
I mean that TLS 1.2 should use SHA-512 with the TLS 1.2 PRF and that
The handshake hash specification in section 7.1 says:
Where handshake_hash includes all messages up through the
server CertificateVerify message, but not including any
0-RTT handshake messages (the server's Finished is not
included because the master_secret is need to compute
the finishe
On Mon, Dec 21, 2015 at 5:49 PM, Christian Huitema
wrote:
> The handshake hash specification in section 7.1 says:
>
You're referring the editor's copy (WIP-11), right?
> Where handshake_hash includes all messages up through the
> server CertificateVerify message, but not including any
>
> You're referring the editor's copy (WIP-11), right?
Yes.
...
> I was just going over this text today and realized it's kind of confusing
> (and the whole "handshake_hash" abstraction is starting to be less useful
> in light of the PR#316 reframing of the authentication block).
Yes, the "handsha
On 22 December 2015 at 13:25, Christian Huitema wrote:
>> Unless I'm confused (which is possible given the time of night),
>> the intention, as you say, is to separate out the 0-RTT handshake
>> messages i.e., (cert, cert verify, finished) from the 1-RTT computations.
>
> OK. That does not simplif
On Monday, December 21, 2015 09:25:44 pm Christian Huitema wrote:
> > I was just going over this text today and realized it's kind of confusing
> > (and the whole "handshake_hash" abstraction is starting to be less useful
> > in light of the PR#316 reframing of the authentication block).
>
> Yes,
On Mon, Dec 21, 2015 at 6:33 PM, Dave Garrett
wrote:
> On Monday, December 21, 2015 09:25:44 pm Christian Huitema wrote:
> > > I was just going over this text today and realized it's kind of
> confusing
> > > (and the whole "handshake_hash" abstraction is starting to be less
> useful
> > > in lig
