https://github.com/tlswg/tls13-spec/pull/962
Target merge date: Thursday
In reviewing the specification, I noticed that we seem to have banned the
use of CertificateRequest with PSK both in the main handshake and in the
post-handshake phase. I don't believe that this was intentional and it
makes i
On Tue, Apr 18, 2017 at 11:29:31AM -0400, Victor Vasiliev wrote:
> I've read the draft, and I support its adoption. I believe that the
> mechanism is sound for its stated use.
>
> The second issue I have is with the question of when does authentication
> succeed. In TLS, by the time any party
On Thu, Apr 13, 2017 at 09:29:27PM -0700, Joseph Salowey wrote:
> At the IETF 98 meeting in Chicago there was support in the room to adopt
> draft-sullivan-tls-exported-authenticator [0]. We are looking for feedback
> on adopting this draft from the list. Please respond if you support the
> draft a
On Tue, Apr 18, 2017 at 09:48:33AM -0400, Eric Rescorla wrote:
> https://github.com/tlswg/tls13-spec/pull/962
> Target merge date: Thursday
>
> In reviewing the specification, I noticed that we seem to have banned the
> use of CertificateRequest with PSK both in the main handshake and in the
> pos
On Tue, Apr 18, 2017 at 3:41 PM, Ilari Liusvaara
wrote:
> On Tue, Apr 18, 2017 at 09:48:33AM -0400, Eric Rescorla wrote:
> > https://github.com/tlswg/tls13-spec/pull/962
> > Target merge date: Thursday
> >
> > In reviewing the specification, I noticed that we seem to have banned the
> > use of Ce
On Tue, Apr 18, 2017 at 03:51:53PM -0400, Eric Rescorla wrote:
> On Tue, Apr 18, 2017 at 3:41 PM, Ilari Liusvaara
> wrote:
> >
> > On topic of PSKs, I noticed that TLS 1.3 makes it very easy to mount
> > dictionary attacks against PSK, regardless of DHE-PSK (especially to
> > recover the client PS
On Tue, Apr 18, 2017 at 4:44 PM, Ilari Liusvaara
wrote:
> On Tue, Apr 18, 2017 at 03:51:53PM -0400, Eric Rescorla wrote:
> > On Tue, Apr 18, 2017 at 3:41 PM, Ilari Liusvaara <ilariliusva...@welho.com>
> > wrote:
> > >
> > > On topic of PSKs, I noticed that TLS 1.3 makes it very easy to mount
>
Thanks for the review.
Comments/questions inline. I put together a pull request with your
suggested changes here if you would like to review:
https://github.com/grittygrease/tls-exported-authenticator/pull/11
On Fri, Apr 14, 2017 at 4:44 AM Ilari Liusvaara
wrote:
> On Thu, Apr 13, 2017 at 09:29
On Sat, Apr 15, 2017 at 6:42 AM Ilari Liusvaara
wrote:
> On Fri, Apr 14, 2017 at 02:44:25PM +0300, Ilari Liusvaara wrote:
> > On Thu, Apr 13, 2017 at 09:29:27PM -0700, Joseph Salowey wrote:
> > > Hey Folks,
> > >
> > > At the IETF 98 meeting in Chicago there was support in the room to adopt
> >
Thanks for the review. I'm open to adding text indicating that the exported
authenticator SHOULD be sent using an application protected by the TLS
stream in question, but I don't want to remove the possibility of sending
the data over a secure secondary channel, depending on the application.
Nick
On Tue, Apr 18, 2017 at 10:18:03PM +, Nick Sullivan wrote:
> On Sat, Apr 15, 2017 at 6:42 AM Ilari Liusvaara
> wrote:
> >
> > How do certificate type extensions (#9, #19 and #20) work with exported
> > authenticators?
> >
> > Where other extensions are either meaningless or are additional info