On Tue, 2017-12-05 at 12:00 +0100, Nikos Mavrogiannopoulos wrote:
> On Mon, 2017-12-04 at 17:24 -0800, Eric Rescorla wrote:
> > Hi folks,
> >
> > I've put together a PR that attemps to address the PSS issue.
> >
> > See:
> > https://github.com/tlswg/tls13-spec/pull/1114
As I guess, we cannot man
On Mon, Dec 11, 2017 at 12:09 AM, Ilari Liusvaara
wrote:
> Transforming messages before putting them in transcript? That sounds
> like recipe for some very nasty implementation headaches.
>
> AFAIK, nothing else in TLS does this. TLS 1.3 has reset hash and inject
> synthetic message, but that is a
On Mon, Dec 11, 2017 at 08:59:44AM +0100, Nikos Mavrogiannopoulos wrote:
> On Tue, 2017-12-05 at 12:00 +0100, Nikos Mavrogiannopoulos wrote:
> > On Mon, 2017-12-04 at 17:24 -0800, Eric Rescorla wrote:
> > > Hi folks,
> > >
> > > I've put together a PR that attemps to address the PSS issue.
> > >
On Mon, Dec 11, 2017 at 08:50:17AM -0600, Martin Thomson wrote:
> On Mon, Dec 11, 2017 at 12:09 AM, Ilari Liusvaara
> wrote:
> > Transforming messages before putting them in transcript? That sounds
> > like recipe for some very nasty implementation headaches.
> >
> > AFAIK, nothing else in TLS doe
On Mon, Dec 11, 2017 at 9:00 AM, Ilari Liusvaara
wrote:
> I searched the drafts (both -00 and -01). I find absolutely nothing
> to suggest this extension would play any games with the handshake
> hash. And considering that extension playing such games is AFAIK
> unprecidented, that would warrant r
The discussion of this draft makes it sound like implementations
will have additional complexity to support certificate
compression. Complexity adds security risks, so just how much
benefit does certificate compression provide? My naive thinking
is that most of the data in certificates is signa
Ben,
Putting the authenticator in an encrypted tunnel is not necessary for
binding, but it is necessary for keeping the certificate itself
confidential. I'll add text to that effect.
Nick
On Wed, Nov 15, 2017 at 7:13 PM Benjamin Kaduk wrote:
> In the exported authenticators draft we claim that
Certificates are pretty wasteful, outside of the keys themselves.
There has to be some significant gains to be had. I think that we
have discussed generating a dictionary that would be useful for
certificates, so if we do that we won't know the full answer yet (I
see no mention of that in the draf
