On 11/08/2016 06:25 PM, Martin Thomson wrote:
> On 9 November 2016 at 05:59, Brian Smith wrote:
>> This isn't a pervasively shared goal, though. It's good to let the browsers
>> police things if they want, but I think a lot of implementations would
>> prefer to avoid doing work that isn't necessar
On 11/09/2016 01:42 PM, Martin Rex wrote:
> Whether or not the calling App wants to shutdown a communication
> at different times in both directions depends on the existing semantics
> of that application (which has just added TLS protection around its
> communication). Reading and processing a cl
I'm sorry for the confusion. It seems I was wrong about OpenSSL behaviour.
Watson Ladd wrote:
> Martin Rex wrote:
>>
>> If you're vaguely familiar with OpenSSL:
>> when SSL_read() has received and processed a TLS record with a
>> close_notify alert, do you know what happens to further calls
>> of
On 11/09/2016 11:42 AM, Martin Rex wrote:
> Nobody so far has provided a single example of *REAL* value.
> For the hiding of ContentType to provide real value, the prerequisites are:
>
> (1) this value will be _unconditionally_ provided in TLSv1.3
>
> (2) this value can be demonstrated to be a r
Benjamin Kaduk wrote:
> On 11/09/2016 11:42 AM, Martin Rex wrote:
> > Nobody so far has provided a single example of *REAL* value.
> > For the hiding of ContentType to provide real value, the prerequisites are:
> >
> > (1) this value will be _unc
On 11/10/2016 11:13 AM, Martin Rex wrote:
>
> There is a concept called "provable correctness", and folks (such as
> those from the miTLS implementation) are using this approach to check/prove
> whether TLS provides certain security properties (rather than just
> assuming that these properties are
> There is a concept called "provable correctness", and folks (such as those
Hm, your arguments against it are that heuristics will expose the information
anyway.
Has provability advanced far enough to include that concept?
___
TLS mailing list
TLS@ie
Benjamin Kaduk wrote:
> On 11/10/2016 11:13 AM, Martin Rex wrote:
> >
> > There is a concept called "provable correctness", and folks (such as
> > those from the miTLS implementation) are using this approach to check/prove
> > whether TLS provides
Martin Rex writes:
>There is a concept called "provable correctness",
The problem with provable whatever is that it merely proves that, as far as
the provers can tell, the thing they're dealing with conforms to some abstract
model. I don't think you can prove much about whatever hiding the Con