Hi all,
In an off-list discussion on the wire format for DTLS CID Eric raised
the point that a DTLSShortCiphertext header is completely stuffed, and
it'd be impossible to grab another bit from the sequence number (already
down to 12 bits) to signal the presence of a CID.
I made a proposal for a s
On Thu, 1 Mar 2018, Shumon Huque wrote:
I do not know if the draft authors and/or WG have an appetite to do the muchÂ
more major change suggested by Viktor (i.e in-protocol pinning TTL commitment
and requiring subsequent denial of existence proof if DANE is removed).
I think it is worth discus
Hi folks,
This is way outside the range of my DISCUSS, so maybe we should change the
thread title.
Paul, can you walk me through the security value of a proof of nonexistence
here? Perhaps describe an attack that it stops.
-Ekr
On Sat, Mar 3, 2018 at 7:09 PM, Paul Wouters wrote:
> On Thu, 1
[ Not replying for Paul, I'm sure he he'll post views separately ]
> On Mar 3, 2018, at 10:21 PM, Eric Rescorla wrote:
>
> Paul, can you walk me through the security value of a proof of nonexistence
> here? Perhaps describe an attack that it stops.
My take is:
Non-existence proofs can clear a
