> I forget, did we need to bind it to the actual handshake secret, or was
> the transcript and ClientHelloInner.random sufficient? That would avoid the
> circular processing dependency.
>
As I recall, it was decided to bind the acceptance signal to the handshake
signal in order to mitigate some sp
On 3/18/2021 7:35 AM, Christopher Patton wrote:
I forget, did we need to bind it to the actual handshake secret, or was
the transcript and ClientHelloInner.random sufficient? That would avoid the
circular processing dependency.
As I recall, it was decided to bind the acceptance signal to the h
Hiya,
On 18/03/2021 16:55, Christian Huitema wrote:
On 3/18/2021 7:35 AM, Christopher Patton wrote:
I forget, did we need to bind it to the actual handshake secret, or was
the transcript and ClientHelloInner.random sufficient? That would
avoid the
circular processing dependency.
As I recal
On 3/18/2021 10:24 AM, Stephen Farrell wrote:
Hiya,
On 18/03/2021 16:55, Christian Huitema wrote:
On 3/18/2021 7:35 AM, Christopher Patton wrote:
I forget, did we need to bind it to the actual handshake secret, or
was
the transcript and ClientHelloInner.random sufficient? That would
avoid
On Thu, Mar 18, 2021 at 2:56 PM Christian Huitema
wrote:
>
> On 3/18/2021 10:24 AM, Stephen Farrell wrote:
> >
> > Hiya,
> >
> > On 18/03/2021 16:55, Christian Huitema wrote:
> >> On 3/18/2021 7:35 AM, Christopher Patton wrote:
> >>
> I forget, did we need to bind it to the actual handshake
Hiya,
On 18/03/2021 19:17, David Benjamin wrote:
I don't think I'd agree that *most* of the work is in the secret
> computation per se. Actually doing trial decryption with
> the secret requires reaching down into the record layer.
> This is especially onerous for QUIC, where the record layer
