Karthikeyan Bhargavan wrote:
>
> Yes Hugo, you?re right that when there is no client auth,
> the situation is less problematic.
I'm not so sure.
There might be the desire of the server to keep some data confidential,
and your argument is that if the data wasn't confidential to begin with,
the s
Watson Ladd wrote:
>
> But will they call tls_send_data_replayable?
The proper name would be tls_send_data_replayable_and_NO_forward_secrecy.
-Martin
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Le 2016-02-25 12:29, m...@sap.com a écrit :
Karthikeyan Bhargavan wrote:
Yes Hugo, you?re right that when there is no client auth,
the situation is less problematic.
I'm not so sure.
QUIC gives a pretty good idea of how 0-RTT is going to be used in
browsers: they will almost certainly send
On Tue, Feb 23, 2016 at 10:39:37PM -0500, Hugo Krawczyk wrote:
> On Tue, Feb 23, 2016 at 8:57 PM, Dave Garrett
> wrote:
>
> I suggest to also define TLS 1.3-EZ.
> A subset of core safe functionality that should address the majority of the
> usage cases.
What restrictions should there be for tha
Hi all,
[Introduction]
CELLOS (Cryptographic protocol Evaluation toward Long-Lived Outstanding
Security) forms a team for formal verification of TLS. It has modeled TLS 1.3
draft specification and conducted verification by using ProVerif. Until now, we
have modeled the full handshake protocol
As I said in another email, without client authentication (which is the
scenario in the Karthik quote), data sent by the server should be
considered secure only against passive adversaries. Any additional
assumption on confidentiality (i.e., restricting the power of an active
attacker) must conside
On Thu, Feb 25, 2016 at 08:05:58AM -0800, Shin'ichiro Matsuo wrote:
>
> -
>
> [What's checked]
> We checked the TLS draft-11 full handshake protocol for the following two
> properties.
> * Secrecy of payload: Can the attacker know the encrypted payload?
> * A
On Thu, Feb 25, 2016 at 9:55 PM, Antoine Delignat-Lavaud <
anto...@delignat-lavaud.fr> wrote:
> Le 2016-02-25 12:29, m...@sap.com a écrit :
>
>> Karthikeyan Bhargavan wrote:
>>
>>>
>>> Yes Hugo, you?re right that when there is no client auth,
>>> the situation is less problematic.
>>>
>>
>> I'm no
On Thu, Feb 25, 2016 at 11:54 AM, Hugo Krawczyk wrote:
> As I said in another email, without client authentication (which is the
> scenario in the Karthik quote), data sent by the server should be considered
> secure only against passive adversaries. Any additional assumption on
> confidentiality
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security of the IETF.
Title : Secure Password Ciphersuites for Transport Layer
Security (TLS)
Authors : Dan Harkins
Hi,
On Wed, February 24, 2016 1:59 pm, Rick van Rein wrote:
> Hi,
>
>> Although the lack of modern cipher-suites for SRP makes it not very
>> attractive these days.
>>
> Does anyone know if work on something like "ECSRP" is going on, anywhere?
>
> We've recently worked on getting it working wit
On Thu, Feb 25, 2016 at 11:33 PM, Dan Harkins wrote:
>
> Hi,
>
> On Wed, February 24, 2016 1:59 pm, Rick van Rein wrote:
>> Hi,
>>
>>> Although the lack of modern cipher-suites for SRP makes it not very
>>> attractive these days.
>>>
>> Does anyone know if work on something like "ECSRP" is going
12 matches
Mail list logo
