Re: [TLS] RSA-PSS in TLS 1.3

2016-03-04 Thread Nikos Mavrogiannopoulos
On Thu, 2016-03-03 at 17:11 +0100, Hanno Böck wrote: > It may be worth asking the authors what's their opinion of FDH vs > > PSS > > in view of the state of the art *today*. > You may do that, but I doubt that changes much. > > I think FDH really is not an option at all here. It may very well be >

Re: [TLS] Accepting that other SNI name types will never work.

2016-03-04 Thread Martin Thomson
On 4 March 2016 at 18:10, Fossati, Thomas (Nokia - GB) wrote: > In CoRE we might need to allocate a new SNI NameType for non-DNS host > names [1]. > > Removing SNI extensibility would make it unfeasible. Not at all. Define a new extension. We have evidence that that works.

Re: [TLS] Accepting that other SNI name types will never work.

2016-03-04 Thread Fossati, Thomas (Nokia - GB)
On 04/03/2016 08:42, "TLS on behalf of Martin Thomson" wrote: >On 4 March 2016 at 18:10, Fossati, Thomas (Nokia - GB) > wrote: >> In CoRE we might need to allocate a new SNI NameType for non-DNS host >> names [1]. >> >> Removing SNI extensibility would make it unfeasible. > >Not at all. It would

Re: [TLS] Accepting that other SNI name types will never work.

2016-03-04 Thread Fossati, Thomas (Nokia - GB)
On 04/03/2016 07:58, "EXT Yuhong Bao" wrote: > >> From: thomas.foss...@nokia.com >> To: a...@imperialviolet.org; tls@ietf.org >> Date: Fri, 4 Mar 2016 07:10:06 + >> Subject: Re: [TLS] Accepting that other SNI name types will never work. >> >> Trying agai

Re: [TLS] RSA-PSS in TLS 1.3

2016-03-04 Thread Martin Rex
Hanno Böck wrote: > Joseph Salowey wrote: >> >> We make RSA-PSS mandatory to implement (MUST implement instead of MUST >> offer). Clients can advertise support for PKCS-1.5 for backwards >> compatibility in the transition period. >> Please respond on the list on whether you think this is a reas

Re: [TLS] RSA-PSS in TLS 1.3

2016-03-04 Thread Scott Fluhrer (sfluhrer)
> -Original Message- > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Nikos > Mavrogiannopoulos > Sent: Friday, March 04, 2016 3:10 AM > To: Hanno Böck; Blumenthal, Uri - 0553 - MITLL; tls@ietf.org > Subject: Re: [TLS] RSA-PSS in TLS 1.3 > > On Thu, 2016-03-03 at 17:11 +0100, Hanno

Re: [TLS] RSA-PSS in TLS 1.3

2016-03-04 Thread Hanno Böck
On Fri, 4 Mar 2016 14:45:13 +0100 (CET) m...@sap.com (Martin Rex) wrote: > What should have been adopted for TLSv1.2 already, however, is the less > forgiving PKCS#1 v1.5 signature check, that re-creates the encoding > and then compares the recreated inner encoding with the RSA-decrypted > encoding onl

Re: [TLS] RSA-PSS in TLS 1.3

2016-03-04 Thread Martin Rex
Hanno Böck wrote: > m...@sap.com (Martin Rex) wrote: >> >> The *huge* advantage of PKCS#1 v1.5 signatures over RSA-PSS and ECDSA >> signatures is that one can clearly distinguish "wrong public key" >> from "signature does not fit plaintext" errors, and losing this >> capability makes certain kinds

Re: [TLS] Accepting that other SNI name types will never work.

2016-03-04 Thread Richard Moore
On 3 March 2016 at 23:16, Martin Thomson wrote: > > I assume that the last > error indicates that you didn't get an alert, which I find is > alarmingly common in TLS. > > Yes, that's right. Cheers Rich.

Re: [TLS] RSA-PSS in TLS 1.3

2016-03-04 Thread Fedor Brunner
Hanno Böck: > On Thu, 3 Mar 2016 13:35:46 + > "Dang, Quynh (Fed)" wrote: > >> Why don't we use an even more elegant RSA signature called " >> full-domain hash RSA signature" ? > > Full Domain Hashing was originally developed by Rogaway and Bellare and > then later dismissed because they foun

Re: [TLS] RSA-PSS in TLS 1.3

2016-03-04 Thread Martin Rex
Fedor Brunner wrote: > > Please see the paper "Another Look at ``Provable Security''" from Neal > Koblitz and Alfred Menezes. > > https://eprint.iacr.org/2004/152 > > Section 7: Conclusion > > "There is no need for the PSS or Katz-Wang versions of RSA; > one might as well use just the basic ?ha