Re: [TLS] Babel-HMAC [was: are we holding TLS wrong?]

2018-11-14 Thread Juliusz Chroboczek
>> Unless I've missed something -- they are not, assuming you have
>> a sufficiently strong random number generator. The challenge mechanism
>> rebuilds the shared state in a secure manner, and the index mechanism
>> ensures that an (index, seqno) pair is never reused.
> I had a really hard time

Re: [TLS] Proposed Errata for rfc5246

2018-11-14 Thread Martin Thomson
For the record, NSS servers always pick their choices first, except for key shares in TLS 1.3 where P-256 and X25519 are considered equal and the one with a share wins. Some servers do similar things for ChaCha20Poly1305 vs. AES-128-GCM, where maybe client ordering indicates a preference where the

Re: [TLS] Are we holding TLS wrong?

2018-11-14 Thread David Schinazi
Hi everyone,

Thanks again for your feedback, we've updated the document to reflect it:
https://tools.ietf.org/html/draft-ietf-babel-dtls-02
https://www.ietf.org/rfcdiff?url2=draft-ietf-babel-dtls-02

David

On Tue, Nov 13, 2018 at 1:41 PM Juliusz Chroboczek wrote:
> > - s2.5 Not sure what th